Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

google search links when clicked do not go to correct site. The link i

Started by pjlla , Jul 20 2013 01:32 PM

  • This topic is locked This topic is locked

#1
pjlla
Posted 20 July 2013 - 01:32 PM

pjlla

    Member

  • Member
  • PipPip
  • 25 posts
Hi..
I've been having an ongoing problem and it is really annoying. When I do a google search i often will click on one of the results and I'm directed to something else. If I click the back button and reclick on same link it usually works and sends me to correct site. It isn't 100% an issue. Sometimes i get hijacked, sometimes I don't.


I did run the OTL and below is the report it generated. THanks for any help you can give me.


OTL logfile created on: 7/20/2013 3:12:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anderson\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 34.21% Memory free
11.50 Gb Paging File | 4.73 Gb Available in Paging File | 41.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1393.06 Gb Free Space | 74.78% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.33 Mb Free Space | 70.33% Space Free | Partition Type: NTFS
Drive F: | 931.41 Gb Total Space | 707.45 Gb Free Space | 75.95% Space Free | Partition Type: NTFS

Computer Name: ANDERSON-PC | User Name: Anderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/20 15:11:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson\Downloads\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\minecraft crap\hamachi-2-ui.exe
PRC - [2013/06/07 20:39:42 | 001,302,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013/06/07 19:33:12 | 000,806,776 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013/05/22 17:51:51 | 003,113,792 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/05/08 19:45:03 | 004,023,848 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/12/20 15:36:54 | 001,892,352 | ---- | M] () -- C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
PRC - [2012/12/20 08:42:34 | 000,713,816 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Users\Anderson\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
PRC - [2012/04/24 13:47:30 | 000,697,344 | ---- | M] (Luth Research LLC) -- C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
PRC - [2012/02/06 16:57:52 | 000,104,608 | ---- | M] () -- C:\Program Files (x86)\EmEditor\emedtray.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/08/19 13:08:42 | 000,246,400 | ---- | M] (F5 Networks) -- C:\Windows\SysWOW64\F5InstallerService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:43 | 013,599,184 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:52 | 000,601,552 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 14:48:51 | 000,123,344 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/10 03:26:16 | 001,886,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\e84256d44f3f04ac6e80f4b36aa82d68\System.Web.Services.ni.dll
MOD - [2013/07/10 03:26:13 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/10 03:26:12 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c24b36ceb832eabefe020b7453994a87\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/10 03:26:11 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4e250337cd18240b68997db97a661701\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/10 03:26:10 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\aab5ffcd3df45c984400184a9a041a8f\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/10 03:26:09 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fd6ee30e73a33e86f4da7180a38feec7\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/10 03:26:07 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/10 03:25:49 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/10 03:25:46 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/10 03:24:29 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\3f0863816ab6f5fef4e0abb442752b9f\UIAutomationProvider.ni.dll
MOD - [2013/07/10 03:24:25 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/10 03:24:24 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/10 03:24:24 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/10 03:24:21 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/10 03:15:57 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll
MOD - [2013/07/10 03:15:45 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/10 03:15:38 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 03:15:36 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a77cef85535aec07317e7b1a302365c1\System.Data.ni.dll
MOD - [2013/07/10 03:15:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/10 03:15:31 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/10 03:15:28 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\dc48e3e467309e2bbde8a876614b38e4\System.Security.ni.dll
MOD - [2013/07/10 03:15:27 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/10 03:15:27 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/10 03:15:24 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/10 03:15:19 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/10 03:15:17 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/10 03:07:48 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 03:07:47 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/05/22 17:51:51 | 003,113,792 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2013/05/08 19:43:45 | 000,548,488 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\wincfi39.dll
MOD - [2012/04/27 00:12:48 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/04/27 00:12:48 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/06 16:57:52 | 000,104,608 | ---- | M] () -- C:\Program Files (x86)\EmEditor\emedtray.exe
MOD - [2012/02/06 16:57:44 | 000,281,248 | ---- | M] () -- C:\Program Files (x86)\EmEditor\mui\1033\emedloc.dll
MOD - [2012/02/06 16:57:32 | 001,326,240 | ---- | M] () -- C:\Program Files (x86)\EmEditor\emedres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 03:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\minecraft crap\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/12 00:50:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/07 19:33:12 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/12/20 15:36:54 | 001,892,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe -- (SCService)
SRV - [2012/09/05 11:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/19 13:08:42 | 000,246,400 | ---- | M] (F5 Networks) [Auto | Running] -- C:\Windows\SysWOW64\F5InstallerService.exe -- (F5 Networks Component Installer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/16 10:45:34 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/26 23:08:31 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/07 17:41:22 | 000,025,784 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/28 21:45:20 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/22 21:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 02:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 15:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/25 17:18:51 | 000,041,232 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/01/25 17:18:47 | 000,018,448 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/07/06 08:24:33 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130719.020\ex64.sys -- (NAVEX15)
DRV - [2013/07/06 08:24:33 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130719.020\eng64.sys -- (NAVENG)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/03/06 13:04:47 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/05 17:54:16 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 22:41:38 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...9-463500000031}
IE - HKLM\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...9-463500000031}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 52 99 F5 E7 23 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {A459EC1F-CEF9-4067-8693-91DAA85E6658}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{70DA8D97-A85A-4D7B-9E82-E2169B5A75EE}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{78CBA9B9-2012-4AA6-9CBF-719FC470DB79}: "URL" = http://websearch.ask...6F-0F4CF59A49A9
IE - HKCU\..\SearchScopes\{A459EC1F-CEF9-4067-8693-91DAA85E6658}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...9-463500000031}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://start.sweetpa...-463500000031}"
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2010.0122.2105
FF - prefs.js..extensions.enabledItems: idvaultaddin@whitesky:1.13.506.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.3.0.9 - 5
FF - prefs.js..extensions.enabledItems: [email protected]:7.2
FF - prefs.js..keyword.URL: "http://start.sweetpa...3500000031}&q="
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Yahoo"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.yahoo....type=937811&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anderson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anderson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Anderson\AppData\Roaming\CATALI~3\NPBCSK~1.DLL (Catalina Marketing Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/07/16 09:21:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/03/06 12:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\WeightWatchers Browser\components [2013/01/18 10:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\WeightWatchers Browser\plugins [2013/05/16 11:45:09 | 000,000,000 | ---D | M]

[2013/01/18 10:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Extensions
[2013/07/02 22:55:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions
[2013/01/18 10:49:00 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2013/07/02 22:45:39 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2013/01/22 14:55:37 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\[email protected]
[2013/01/20 08:54:30 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\idvaultaddin@whitesky
[2013/07/02 22:51:37 | 000,001,793 | ---- | M] () -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\Bing.xml
[2013/01/22 14:54:15 | 000,002,203 | ---- | M] () -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\MyStart Search.xml
[2013/07/02 22:44:27 | 000,000,514 | ---- | M] () -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\sweetim.xml
[2012/12/02 08:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/05 15:15:23 | 000,000,000 | ---D | M] (SavvyConnect) -- C:\PROGRAM FILES (X86)\LUTH RESEARCH\SAVVYCONNECTFRAMEWORK\BIN\FFEXTENSION
[2013/06/14 20:20:48 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2013/03/06 12:43:32 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anderson\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Norton Identity Protection = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: Gmail = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SavvyConnect IE Extension) - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll (Luth Research, LLC)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\minecraft crap\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SavvyConnectMenu] C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe (Luth Research LLC)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ALconnect] C:\Users\Anderson\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe (Koninklijke Philips Electronics N.V.)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Anderson\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EmEditor.lnk = C:\Program Files (x86)\EmEditor\emedtray.exe ()
O4 - Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: weightwatchers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: weightwatchers.com ([]https in Trusted sites)
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab (F5 Networks Certificate Checker)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT AntiViruses Class)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab (Microsoft RDP Client Control (redistributable) - version 4)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab (F5 Networks Group Policy Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab (F5 Networks OS Policy Agent)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (F5 Networks OPSWAT Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5B7BFB-4283-47B9-B6B7-D36F88381C57}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\25912~1.8\{16cdf~1\pcpmngr.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/20 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{2C9A4091-67CF-4F4C-BA0C-2021EA4D4677}
[2013/07/19 21:34:44 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{077CD0EE-E50C-4BF7-9D56-30064531960C}
[2013/07/19 09:34:33 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{51B88A2C-1805-4A57-B2C5-BA6D973A5393}
[2013/07/18 12:30:17 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{38F0DA41-EACA-4552-9FD0-E4EE5E42DDE9}
[2013/07/18 00:29:56 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{146579C5-9B1D-421A-BE32-93BAA53ABB47}
[2013/07/17 12:29:34 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{F6ACA603-04AF-4628-95D3-64C4B81E6209}
[2013/07/17 00:29:23 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{AD06E4DD-F19A-4BA4-B1FC-9139A921EE1F}
[2013/07/16 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{9086543D-B68D-4607-90E3-9BE9FDEF02C9}
[2013/07/15 19:39:39 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{6E16217A-0D86-43DA-814D-BF7F12E29D1B}
[2013/07/15 07:32:27 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{2795646E-FA65-4361-83B4-1761BE17543D}
[2013/07/14 13:43:16 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{BB6B9869-8097-4046-AEB3-96E0CF10C7F4}
[2013/07/14 01:18:16 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C4D7D0A2-38ED-4FD7-A29D-293D135CA96D}
[2013/07/13 13:17:54 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{CB90463F-D38D-433A-8FB3-69D5C79436D0}
[2013/07/13 01:17:33 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{4C2A5FCD-9BD2-4807-88A6-877B68C71BB8}
[2013/07/12 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{DB55AAF4-1B8F-49F5-9B13-CBB7BF3F3C70}
[2013/07/12 01:16:24 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{ADE58E06-B1A9-48CA-9828-6AD88A61BB20}
[2013/07/11 13:16:01 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{4CCBB35D-B74A-46D2-8E9A-0D738BD2F4B3}
[2013/07/10 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{1C878D6D-E50E-4251-A4CF-F628315CDB14}
[2013/07/10 06:08:51 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{6C151C63-44B6-4C4F-94BC-7C9C3D06665D}
[2013/07/09 18:08:28 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{64A278C3-8A53-4A89-BE5D-10D282FD427E}
[2013/07/09 05:20:18 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{ACC5DFA5-4E87-4225-97CE-E178A0485001}
[2013/07/08 07:10:30 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{FD675A68-9FF4-49A2-AFAD-B91C3BF758E5}
[2013/07/07 18:50:00 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C22FC59E-BF68-4A13-BB20-9871B98683C1}
[2013/07/07 06:49:17 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C1F410A0-4591-4857-8930-5A97AF525DE1}
[2013/07/06 18:48:18 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{1490EA5C-642C-48BD-A101-330E2C1F9054}
[2013/07/06 06:47:56 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{59A1ABA6-8A77-49F4-BEE5-22A1C7EFF6C6}
[2013/07/05 18:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/05 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/07/05 18:47:18 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{1D856BC5-0730-4040-A507-F2B4A6EB0912}
[2013/07/03 07:01:22 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C7EB1A57-7B44-46CA-836F-71ED563AB454}
[2013/07/03 07:00:32 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\LogMeIn Hamachi
[2013/07/02 17:35:25 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{F93212FA-8EC5-4225-B9FA-60F4C23D4EC3}
[2013/07/02 05:35:14 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{DF4F3BCF-619F-4F0A-8A57-F1D6411C7759}
[2013/07/01 09:36:28 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{F02C472A-82E4-4C00-BCBB-E22385E60E43}
[2013/06/30 21:35:43 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{FAFDD816-9920-41BB-9ED8-3CBCF41854CB}
[2013/06/30 09:35:13 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{9FB08D57-950B-45A5-91B8-DE94E19CA7B6}
[2013/06/29 10:02:22 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{95F13ADF-A659-4F73-A36C-EF2C5039D7D6}
[2013/06/28 22:01:35 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{3EC325EA-FCA0-4A85-BA15-22438A75DF72}
[2013/06/28 10:01:08 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{9A52C4D5-D975-44A5-8FA7-9AD60FFC1E37}
[2013/06/27 12:19:01 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{569FEAD8-FE22-42C4-A3AD-AEDB783B909B}
[2013/06/26 21:54:30 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{D7FD81CC-5805-4119-A2D3-B7566AF8DC52}
[2013/06/26 09:51:11 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{2544CE89-E72B-4C77-A0F6-B9BF8419353C}
[2013/06/25 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{BB89BD70-9DEF-4375-B068-D7E7154EBF5E}
[2013/06/24 12:31:20 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{A7816DDA-A5D8-4A0E-8B25-18CAE09CA382}
[2013/06/24 00:30:50 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{4D8152E1-9E64-4D72-83AA-673B5590F791}
[2013/06/23 11:26:03 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{624BAED0-E580-44CD-91C5-5D767E314F8C}
[2013/06/22 23:25:17 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{8779B53E-5B63-44AF-AA89-F6618FA8A39F}
[2013/06/22 11:24:46 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{0B76F7D3-CD0D-4244-B603-61B0078AA383}
[2013/06/21 22:00:32 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{06D9ECA5-5CF1-4091-AC9A-3BA5473745D1}
[2013/06/21 09:59:45 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{E4986475-BC48-43FB-877A-B4A6ACFB60BD}
[2013/06/20 21:59:26 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{7A641FA6-6B14-4D7C-8EA6-3CE4188D5462}
[2013/06/20 21:52:49 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{49E0399E-0C7C-4672-A781-8CDFA3946606}
[2013/06/20 14:59:20 | 002,162,336 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Anderson\AppData\Local\BcsKtYcHW.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/20 15:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/20 14:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/20 14:21:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2402522246-2785333876-2617129170-1001UA.job
[2013/07/20 06:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/19 22:21:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2402522246-2785333876-2617129170-1001Core.job
[2013/07/19 18:00:01 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/07/19 10:10:32 | 000,015,942 | ---- | M] () -- C:\Users\Anderson\Documents\Anderson, Laura 2013.ods
[2013/07/19 09:39:26 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/07/16 10:45:34 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/16 10:45:34 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/16 10:45:34 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/16 09:26:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 09:26:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 09:22:36 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/07/16 09:19:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/16 09:19:02 | 334,897,151 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/14 11:15:23 | 000,021,329 | ---- | M] () -- C:\Users\Anderson\Documents\quote.odt
[2013/07/12 22:24:11 | 000,002,386 | ---- | M] () -- C:\Users\Anderson\Desktop\Google Chrome.lnk
[2013/07/12 07:48:15 | 000,002,448 | ---- | M] () -- C:\Users\Anderson\PrintMaster-2012-Gold.prefs
[2013/07/10 03:35:26 | 000,567,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 03:14:04 | 000,740,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/10 03:14:04 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/10 03:14:04 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/05 18:49:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/04 03:34:28 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013/07/02 22:40:04 | 000,430,348 | ---- | M] () -- C:\Users\Anderson\Desktop\EA20536286.xps
[2013/06/28 13:10:16 | 000,024,558 | ---- | M] () -- C:\Users\Anderson\Documents\sickle cell form.odt
[2013/06/27 20:08:11 | 000,010,263 | ---- | M] () -- C:\Users\Anderson\Documents\grad invite 1.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/19 10:10:30 | 000,015,942 | ---- | C] () -- C:\Users\Anderson\Documents\Anderson, Laura 2013.ods
[2013/07/14 11:15:19 | 000,021,329 | ---- | C] () -- C:\Users\Anderson\Documents\quote.odt
[2013/07/02 22:40:03 | 000,430,348 | ---- | C] () -- C:\Users\Anderson\Desktop\EA20536286.xps
[2013/06/28 13:10:14 | 000,024,558 | ---- | C] () -- C:\Users\Anderson\Documents\sickle cell form.odt
[2013/06/27 20:08:09 | 000,010,263 | ---- | C] () -- C:\Users\Anderson\Documents\grad invite 1.odt
[2013/06/20 14:59:18 | 000,922,944 | ---- | C] () -- C:\Users\Anderson\AppData\Local\a.zip
[2013/06/05 18:44:46 | 000,000,000 | ---- | C] () -- C:\Users\Anderson\ipconfig
[2012/05/22 13:04:27 | 000,002,448 | ---- | C] () -- C:\Users\Anderson\PrintMaster-2012-Gold.prefs
[2012/05/20 15:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\Tlcsel.bin
[2012/05/20 15:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Mfts50.dll
[2012/04/29 17:16:02 | 000,015,360 | ---- | C] () -- C:\Users\Anderson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 18:59:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/18 04:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/18 04:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/18 04:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/18 04:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/10 08:10:11 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\.minecraft
[2012/12/11 18:50:33 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\.techniclauncher
[2012/06/13 15:47:26 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Babylon
[2012/06/25 09:31:57 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Catalina Marketing Corp
[2012/12/14 08:26:27 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Catalina Marketing France
[2013/06/20 14:59:17 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Catalina – Print Savings
[2013/03/19 15:21:35 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2012/08/23 14:15:04 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/01/27 13:53:02 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\DirectLife
[2012/07/16 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\DriverCure
[2013/04/21 09:17:26 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\File Scout
[2013/04/26 19:00:32 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\ftblauncher
[2013/07/20 09:30:00 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\ID Vault
[2012/07/02 13:25:29 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Leadertech
[2012/04/27 01:02:30 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\OpenOffice.org
[2012/11/08 11:46:52 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\OverDrive
[2012/12/02 13:34:55 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\PerformerSoft
[2012/11/19 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\PriceGong
[2012/07/16 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\SpeedyPC Software
[2013/01/22 15:09:27 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Strongvault
[2013/05/19 09:01:01 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\tfcraft
[2012/07/16 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Ulead Systems
[2012/06/28 18:59:01 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\WeatherBug
[2012/04/26 22:49:57 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Phel
Posted 20 July 2013 - 01:58 PM

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, pjlla and welcome to GeeksToGo!

You can call me Phel and today I will try to help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please, be patient. You should stay here until your computer will become really clean. Malware Removal isn't very fast procedure, it usually has multiple steps, but result should be glad.;)

Please, wait for a while now, currently I'm analyzing your logs. Please note, that my answers could come with a slight delay, because they are checked by my teacher.
  • 0

#3
pjlla
Posted 20 July 2013 - 07:25 PM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OK.. Thanks
  • 0

#4
Phel
Posted 21 July 2013 - 12:42 AM

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Step 1. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • Computer will be rebooted automatically, when program will finish it's job.
  • After fix Notepad window with report should appear. Post the contents of the report in your next message.

Step 2. Uninstall Chrome extension.

  • Launch your Google Chrome browser.
  • In the address bar type the following:

    chrome:extensions
  • Extension list will appear.
  • Find there Amazon Shopping Assistant by Spigot extension.
  • Click on the recycle bin icon near it (uninstall it).
  • Restart your browser.

Step 3. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
SRV - [2013/06/07 19:33:12 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/12/20 15:36:54 | 001,892,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe -- (SCService)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...9-463500000031}
IE - HKLM\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...9-463500000031}
IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...9-463500000031}
FF - prefs.js..browser.startup.homepage: "http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={77608CCA-E38A-11E2-9979-463500000031}"
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: [email protected]:7.2
FF - prefs.js..keyword.URL: "http://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={77608CCA-E38A-11E2-9979-463500000031}&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
[2013/07/02 22:45:39 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2013/01/22 14:55:37 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\[email protected]
[2013/01/22 14:54:15 | 000,002,203 | ---- | M] () -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\MyStart Search.xml
[2013/07/02 22:44:27 | 000,000,514 | ---- | M] () -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\sweetim.xml
[2013/03/05 15:15:23 | 000,000,000 | ---D | M] (SavvyConnect) -- C:\PROGRAM FILES (X86)\LUTH RESEARCH\SAVVYCONNECTFRAMEWORK\BIN\FFEXTENSION
[2013/06/14 20:20:48 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O2 - BHO: (SavvyConnect IE Extension) - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll (Luth Research, LLC)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SavvyConnectMenu] C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe (Luth Research LLC)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\25912~1.8\{16cdf~1\pcpmngr.dll) - File not found
[2013/06/20 14:59:20 | 002,162,336 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Anderson\AppData\Local\BcsKtYcHW.dll
[2012/06/13 15:47:26 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Babylon
[2012/06/25 09:31:57 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Catalina Marketing Corp
[2012/12/14 08:26:27 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Catalina Marketing France
[2013/06/20 14:59:17 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Catalina – Print Savings
[2013/04/21 09:17:26 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\File Scout
[2013/01/22 15:09:27 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\Strongvault
[2012/11/19 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\Anderson\AppData\Roaming\PriceGong

:Files
C:\PROGRAM FILES (X86)\YTD TOOLBAR
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Luth Research
C:\Program Files (x86)\WinZipBar
C:\Program Files\IB Updater
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\Application Updater

:Commands
[EMPTYTEMP]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again
  • Find in the OTL window Extra Registry section and change radiobutton there to the Use SafeList.
  • Click on the Run Scan button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

So, please, don't forget to post in your next message:

  • OTL log
  • AdwCleaner log

  • 0

#5
pjlla
Posted 21 July 2013 - 07:02 AM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Step 1 completed:
Here is the adware cleaner log:

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 08:54:27
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anderson - ANDERSON-PC
# Boot Mode : Normal
# Running from : C:\Users\Anderson\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\I Want This
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\v-Grabber
Folder Deleted : C:\Program Files (x86)\WinZipBar
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\visualbee
Folder Deleted : C:\Users\Anderson\AppData\Local\APN
Folder Deleted : C:\Users\Anderson\AppData\Local\Conduit
Folder Deleted : C:\Users\Anderson\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Anderson\AppData\Local\PackageAware
Folder Deleted : C:\Users\Anderson\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\Anderson\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Anderson\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Anderson\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Anderson\AppData\LocalLow\WinZipBar
Folder Deleted : C:\Users\Anderson\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Anderson\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Anderson\AppData\Roaming\file scout
Folder Deleted : C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
Folder Deleted : C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\[email protected]
Folder Deleted : C:\Users\Anderson\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Anderson\AppData\Roaming\PriceGong
Folder Deleted : C:\Users\Luke.Anderson-PC\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Luke.Anderson-PC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Luke.Anderson-PC\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Luke.Anderson-PC\AppData\LocalLow\WinZipBar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WinZipBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Toolbar
Key Deleted : HKCU\Software\582dfd1b26ebe47
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3181033
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9280CAA3-237E-468E-A41C-43EADB5FF61A}
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\WinZipBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\582dfd1b26ebe47
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9280CAA3-237E-468E-A41C-43EADB5FF61A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CAC8F83-D515-4680-849E-8FC3ED5F5B8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3DCAB3E-7F2B-4754-90C9-3E702F949DA5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{F42D4712-298F-4502-8668-7B9940C3FB00}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={77608CCA-E38A-11E2-9979-463500000031} --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.8 (en-US)

File : C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\prefs.js

C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb196?a=6PQWBl68mx&i=26");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042[...]
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10687");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "4D43A7533851126158E0A8D911F509E5");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "34186bb600000000000040618637b117");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15727");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1414:16:42");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "116302");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQWBl68mx&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQWBl68mx");
Deleted : user_pref("extensions.incredibar.upn2n", "92544317244277653");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1414:16:42");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10687");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "34186bb600000000000040618637b117");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15727");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "116302");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQWBl68mx&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQWBl68mx");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92544317244277653");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1414:16:42");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={77608C[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.yahoo.com?type=937811&[...]
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Yahoo");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Yahoo");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.yahoo.com/search?fr=greentree_ff1&e[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [16744 octets] - [21/07/2013 08:54:27]

########## EOF - C:\AdwCleaner[S1].txt - [16805 octets] ##########
  • 0

#6
pjlla
Posted 21 July 2013 - 07:18 AM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
step 2 done.

Part way thru step 3: OTL rebooted and gave me this log: (proceeding to do the last part of step 3 next)

All processes killed
========== OTL ==========
Error: No service named Application Updater was found to stop!
Service\Driver key Application Updater not found.
File C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe not found.
Service SCService stopped successfully!
Service SCService deleted successfully!
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
File C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
File C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "http://start.sweetpa...-463500000031}" removed from browser.startup.homepage
Prefs.js: [email protected]:3.4 removed from extensions.enabledItems
Prefs.js: [email protected]:7.2 removed from extensions.enabledItems
Prefs.js: "http://start.sweetpa...3500000031}&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
File C:\Program Files\IB Updater\Firefox not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Folder C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\ not found.
Folder C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\[email protected]\ not found.
File C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\MyStart Search.xml not found.
File C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\sweetim.xml not found.
C:\PROGRAM FILES (X86)\LUTH RESEARCH\SAVVYCONNECTFRAMEWORK\BIN\FFEXTENSION\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\LUTH RESEARCH\SAVVYCONNECTFRAMEWORK\BIN\FFEXTENSION\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\LUTH RESEARCH\SAVVYCONNECTFRAMEWORK\BIN\FFEXTENSION folder moved successfully.
C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF\components folder moved successfully.
C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
File C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76}\ deleted successfully.
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
File C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}\ not found.
File C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SavvyConnectMenu deleted successfully.
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\pcperf~1\25912~1.8\{16cdf~1\pcpmngr.dll deleted successfully.
C:\Users\Anderson\AppData\Local\BcsKtYcHW.dll moved successfully.
Folder C:\Users\Anderson\AppData\Roaming\Babylon\ not found.
C:\Users\Anderson\AppData\Roaming\Catalina Marketing Corp folder moved successfully.
C:\Users\Anderson\AppData\Roaming\Catalina Marketing France folder moved successfully.
C:\Users\Anderson\AppData\Roaming\Catalina – Print Savings folder moved successfully.
Folder C:\Users\Anderson\AppData\Roaming\File Scout\ not found.
C:\Users\Anderson\AppData\Roaming\Strongvault\Strongvault Online Backup folder moved successfully.
C:\Users\Anderson\AppData\Roaming\Strongvault folder moved successfully.
Folder C:\Users\Anderson\AppData\Roaming\PriceGong\ not found.
========== FILES ==========
C:\PROGRAM FILES (X86)\YTD Toolbar\Res\Lang folder moved successfully.
C:\PROGRAM FILES (X86)\YTD Toolbar\Res folder moved successfully.
C:\PROGRAM FILES (X86)\YTD Toolbar\IE\7.2 folder moved successfully.
C:\PROGRAM FILES (X86)\YTD Toolbar\IE folder moved successfully.
C:\PROGRAM FILES (X86)\YTD Toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\Common Files\Spigot not found.
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\{A94BEC4A-3282-4CD7-8AAD-F7D698CCBF31} folder moved successfully.
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui folder moved successfully.
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice folder moved successfully.
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin folder moved successfully.
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\chrome folder moved successfully.
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin folder moved successfully.
C:\Program Files (x86)\Luth Research\SavvyConnectFramework folder moved successfully.
C:\Program Files (x86)\Luth Research folder moved successfully.
File\Folder C:\Program Files (x86)\WinZipBar not found.
File\Folder C:\Program Files\IB Updater not found.
File\Folder C:\Program Files\Updater By SweetPacks not found.
File\Folder C:\Program Files (x86)\Application Updater not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anderson
->Temp folder emptied: 2272808362 bytes
->Temporary Internet Files folder emptied: 678632874 bytes
->Java cache emptied: 23687098 bytes
->FireFox cache emptied: 7500013 bytes
->Google Chrome cache emptied: 403426923 bytes
->Flash cache emptied: 59982 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Luke
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luke.Anderson-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 804 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 873 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86170252 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304877 bytes
RecycleBin emptied: 2903560386 bytes

Total Files Cleaned = 6,121.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07212013_090845

Files\Folders moved on Reboot...
C:\Users\Anderson\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Anderson\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
File move failed. C:\Windows\temp\F5InstServLog.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#7
pjlla
Posted 21 July 2013 - 07:40 AM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Here's the extras.log


OTL Extras logfile created on: 7/21/2013 9:20:48 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anderson\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 65.92% Memory free
11.50 Gb Paging File | 9.12 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1399.33 Gb Free Space | 75.11% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.33 Mb Free Space | 70.33% Space Free | Partition Type: NTFS
Drive F: | 931.41 Gb Total Space | 707.45 Gb Free Space | 75.95% Space Free | Partition Type: NTFS

Computer Name: ANDERSON-PC | User Name: Anderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = emeditor.txt] -- C:\Program Files (x86)\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = emeditor.txt] -- C:\Program Files (x86)\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24E46BEE-9D94-4BEA-BA79-AAA1B6D77DEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{325D4E94-A7DA-4F32-9811-914015572214}" = lport=445 | protocol=6 | dir=in | app=system |
"{336AB73B-C7CD-4CFC-B51F-F95704AA0292}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44D9D642-CAB8-4FCA-8053-C7ECE63D0F0E}" = rport=138 | protocol=17 | dir=out | app=system |
"{47D65C73-7CB6-4325-97D2-C34F5583B843}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{498C21F4-FA27-4542-BBAB-21BD8F61596A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{565516C7-F055-4AB1-BFD4-3D7CC20C092C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5DB0E94F-8ABA-417B-AF33-F0360031E2F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{662282B6-94B3-434B-9272-A9C30CB21AF4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6CE36656-6019-4B1C-9440-63CD09293041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6FE09624-E865-463E-B57C-1D79D6526DC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{703CDD56-C48B-410B-9FFB-EF86C395C270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72A1B984-9381-416F-A18D-619FC49C9F7B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{851BFB16-2FA6-4DE0-B676-6E459CA1D6E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{891FF33C-D6CA-48E3-9EE8-A90F5CD92915}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AC5F986-CD15-44E3-83A5-E41A593A7F57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEF160C1-9B4F-442D-9452-76959B6F9233}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B1D241EA-80B2-435F-A2EA-4550CC29A937}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B2089BD2-D81D-47BC-BB02-C9BA28CFD44C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C42983F1-DE1C-4D52-B86E-33BD20AEC3AA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C73625AA-3FF3-4E4B-9C6C-09A414B92E87}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE84E79E-CA6E-47FF-9E5C-98FB757D8D52}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E40079BE-C947-4663-94F7-D1D116DCEDD2}" = rport=137 | protocol=17 | dir=out | app=system |
"{F2AA8736-652B-4FE6-B1B6-92133DE203B0}" = lport=137 | protocol=17 | dir=in | app=system |
"{F46254FC-6546-4C6D-BC9C-AB431F00BCB6}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B59963-1574-4158-B97E-EF98A8E77D21}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{03A3BC24-5EAF-4CD0-AAD3-E3E8633103FE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0642AB2F-EA15-41F1-89E5-527DDCCA1E48}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08DFBDFA-97E2-4E43-93F8-F371F4D6C829}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CEE63FB-140B-4E09-B26E-A92D14BF9B13}" = protocol=58 | dir=in | [email protected],-28545 |
"{11009B4D-FFBF-4B89-BB85-E6B85DF033D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{1A1BDF65-B6E0-4630-B295-74621FC0612F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{1B743D24-1DE1-4422-A73E-3543D6A5C7F6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{21349D36-D6CA-43F7-9797-53571B5DFA9E}" = protocol=1 | dir=in | [email protected],-26140 |
"{26654169-AFE3-406C-A631-F7F5E62C1FC0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2A568E87-A297-40ED-8C5C-B107D19246DF}" = protocol=6 | dir=in | app=c:\program files (x86)\litemanagerfree - server\romserver.exe |
"{3E4AD752-EECF-4A16-BAFF-807E73EA66FB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{45A5AFC3-0DFB-49F8-AFB2-525561C4C802}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CB8BDFB-53A4-4996-829F-E11B93FB7E88}" = protocol=58 | dir=out | [email protected],-28546 |
"{4DE97D8A-E21A-4C9F-8666-7D2E351547AA}" = protocol=17 | dir=in | app=c:\program files (x86)\litemanagerfree - server\romserver.exe |
"{5056F9DF-F36C-44C5-A2D0-6A97D6926A97}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{56C71A54-95B4-47FF-B398-E7D5E8C52C5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{59FC813F-01D0-4ADE-A029-CAC55211075C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{5A2F5275-5D89-453C-B898-A87283EE49D0}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{5A4AF74F-DDA2-483F-BFE3-463DE9F869F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B2ADAEC-402D-4CF7-945C-CC89FD9489CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{618A2A34-593B-44DD-9141-140A6A4B1CE3}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{70550BCD-2E4B-4E9F-86C5-52915EFD28CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{75616847-D940-4ACE-A80D-8D1A6F94B38D}" = protocol=1 | dir=out | [email protected],-28544 |
"{75E21E53-0D9E-4F6C-A876-9A6CB0422700}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B68DE86-7F74-4FC4-950D-5937FB54EC53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{7F557523-2722-4B57-9B30-991ED396500C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{818A628D-9470-4958-87A2-D68AE4C19D91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84659E7B-EE13-4095-BCFD-A48AAB1AD3EF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{871B39D7-CE28-4A62-BEFC-1B460CE41945}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8A48710F-3642-4876-8211-F893B341E5A3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C59A870-9A7C-4A4C-8DC5-A435BC18625F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{900650DC-6D1D-4986-ADB2-97A8B4FE1EEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96C5AC8B-F440-42A3-AB28-DDFE881AC2D0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A9B76328-14D1-428A-A9CA-7957F6C96FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD89AC02-5DCC-4CAA-B818-C13E33E5D670}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6C05083-F243-481B-900F-2936C57AEED0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C0A90520-62E4-4CC9-BD23-B04F2EA55498}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0CA76F7-BB33-4B95-8176-B2455A41F487}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{C5A3DF8C-0900-4867-AFA4-9E750DEA9360}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5E9162A-C819-4482-A8C0-0675C77772EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{C879A928-E866-487A-B285-E0F546044506}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6D242EC-6960-40C0-9F05-871C321B080B}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{DB367A6E-A15E-44FE-A071-8BF154F41366}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E147301F-1073-4FAC-80FA-3A3E5659031C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E36F93D0-A0E6-4E5D-8242-14BF4EF20B48}" = protocol=1 | dir=in | [email protected],-28543 |
"{E4C0B127-48E7-4EE7-A57F-4B3046B841F1}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{EB49B4D1-B4EF-49F2-9C38-ABBF80B70D40}" = protocol=58 | dir=in | [email protected],-26142 |
"{F3946F3C-DF80-4EF2-BB3D-2226A5944B1D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{F571ACA6-E0F4-400C-843A-BE5266A2198B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8402BB7-C195-4912-96A2-37A6A8DDF977}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{FC5F2756-1395-4FE4-8498-FF47CB83DC2F}" = protocol=6 | dir=out | app=system |
"{FCA83381-0CFB-4302-8F49-C61BE28A7E57}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}" = HP Scanjet G4000 Series
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java™ 7 Update 4 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CD886EE3-07DE-76F1-79DA-0D2C31551559}" = ccc-utility64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{0879415B-4038-A4ED-276C-80E2C24502E8}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13C8577F-BA8B-452E-B440-F03DC264B9D5}" = EmEditor Professional (32-bit)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21593B51-6838-41A1-A420-7283B4E02A33}" = SavvyConnect
"{23114BAB-A7F2-160F-4CF8-20F5917C5063}" = CCC Help Dutch
"{25349513-852F-470D-AB31-9B42100C926B}" = ActiveLink Connect
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2814D1CB-7038-4EE4-8421-9C18FD571014}" = hpg4000
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D290157-1B44-1620-073B-F91546386AEF}" = CCC Help German
"{2ED790DD-7123-4EA8-8420-C914B9E162F2}" = PrintMaster Express
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4496E9B5-56AF-4A9C-BC02-BCBF63824224}" = WeightWatchers Connections 2010 Portal
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4599E55A-9861-AA8D-AD77-A62649FB1B88}" = Catalyst Control Center Graphics Full New
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BBD417F-13B6-4477-B7C2-AE705864058D}" = YTD Toolbar v7.2
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.5.6.849
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{599556F6-88AA-D1B4-BBEE-E6DBEB69E958}" = CCC Help Thai
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61E455F8-99A8-D65F-B6E3-06B998B7F26F}" = CCC Help Greek
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E6A5BC-CA30-46DE-2A8E-C17BD52D3A60}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}" = F5 Networks VPN Client for Windows
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{772E433B-907F-D183-9521-4FB6C6126E24}" = CCC Help Danish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{796DDBD5-999C-EE26-EB08-AD16FF82B620}" = CCC Help Italian
"{7A1107CD-A2EF-B18D-65E6-D8496CC99BB7}" = Catalyst Control Center InstallProxy
"{7C3D2C23-FF8C-DF11-1110-220FD024E94B}" = CCC Help Spanish
"{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader
"{80DB9145-FFA6-A9EA-0684-6F09BCEE5324}" = CCC Help Swedish
"{8303FC1B-3B58-19D3-DBCD-DF63144463DB}" = CCC Help Hungarian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B37A414-1480-607C-8A06-3C6DAC20CA87}" = Catalyst Control Center Graphics Light
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EC37670-CFF6-851D-F6F4-D730E2DCF827}" = CCC Help Norwegian
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94FF7296-8022-FFB5-2B31-3B72524DDF2A}" = Catalyst Control Center Graphics Previews Vista
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A760067A-C07E-1033-0000-A764AC000001}" = Avery Template - U_0052_01_P
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F5B8E0-1935-0CE0-08B3-7128820A7B08}" = CCC Help Portuguese
"{AA35FD9B-BD64-2229-371C-5217D43F3829}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AFF3DA5E-9426-57DA-3B59-9E67A426214B}" = CCC Help Turkish
"{B31F6A27-F7B6-EA98-2168-B256A929F49B}" = Catalyst Control Center Localization All
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B82285B9-60A7-85E6-2AFF-F7CC65530EA1}" = CCC Help Russian
"{B9845F2F-455C-4E76-9599-159AE471DB59}_is1" = Subvein Mutant Factions v0.74
"{BAC15A55-B97D-AD8C-54AF-5E6B681BC839}" = CCC Help Chinese Standard
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF73A77C-55FD-4F59-928C-DBFDEC52E623}" = Catalyst Control Center Core Implementation
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5177FC1-B7C4-41DE-129F-54B273EBCD09}" = Catalyst Control Center Graphics Previews Common
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7C05C54-21D1-4DA7-9473-C47CB13D6A40}" = CCC Help Czech
"{C9F3DB27-447C-8569-9E5A-F2DB69C5BE4D}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D584C0DD-5994-8AC4-FC21-ED1E5F3B3B95}" = CCC Help English
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DD794783-8313-CEFC-0A34-B9F596B09F76}" = CCC Help French
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFC3AA0C-E8F1-2DCB-4EA2-073E20131FC5}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EEE791A8-4AB5-1540-FE9D-70EC70938AD2}" = The Complete National Geographic
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA2AD46D-06FB-8883-6CE5-349EC371D173}" = CCC Help Finnish
"{FB3E4248-8793-6A02-7862-4D56FABC814B}" = CCC Help Chinese Traditional
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"5354-7805-5584-7015" = PrintMaster 2012 Gold
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1" = The Complete National Geographic
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Combat Arms" = Combat Arms
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ID Vault" = Constant Guard Protection Suite
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Security Scan" = McAfee Security Scan Plus
"N360" = Norton Security Suite
"Picasa 3" = Picasa 3
"The Complete National Geographic 1.59" = The Complete National Geographic
"vGrabber" = vGrabber
"Windows Password Rescuer Personal" = Windows Password Rescuer Personal
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Wisdom-soft AutoScreenRecorder 3.1 Pro" = Wisdom-soft AutoScreenRecorder 3.1 Pro
"Youtube Saved" = Youtube Saved
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveLink Connect" = ActiveLink Connect
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:10:42 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1289 seconds, 5 replies
waiting

Error - 7/7/2013 10:10:42 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1289 seconds, 5 replies
waiting

Error - 7/7/2013 10:10:42 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1289 seconds, 5 replies
waiting

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1696 seconds, 5 replies
waiting

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1696 seconds, 5 replies
waiting

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1697 seconds, 5 replies
waiting

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Client unresponsive; aborting connection

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: DNSServiceBrowse _apple-mobdev._tcp.local.

Error - 7/8/2013 6:39:51 AM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(78:6c:1c:15:ad:f5@fe80::7a6c:1cff:fe15:adf5._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

[ Media Center Events ]
Error - 5/27/2012 2:57:32 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:57:32 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/27/2012 3:58:17 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 3:58:17 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/27/2012 2:02:52 PM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:02:49 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/28/2012 2:57:39 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:57:39 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/28/2012 2:50:46 PM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:50:33 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/29/2012 2:39:07 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:39:07 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 6/15/2012 7:31:56 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 7:31:56 AM - Error connecting to the internet. 7:31:56 AM - Unable
to contact server..

Error - 6/15/2012 7:32:10 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 7:32:01 AM - Error connecting to the internet. 7:32:01 AM - Unable
to contact server..

Error - 3/18/2013 2:30:02 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:30:02 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 5/24/2013 2:13:57 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:13:52 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 7/21/2013 9:12:12 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/21/2013 9:16:02 AM | Computer Name = Anderson-PC | Source = PNRPSvc | ID = 102
Description =

Error - 7/21/2013 9:16:02 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/21/2013 9:16:02 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/21/2013 9:16:10 AM | Computer Name = Anderson-PC | Source = PNRPSvc | ID = 102
Description =

Error - 7/21/2013 9:16:10 AM | Computer Name = Anderson-PC | Source = PNRPSvc | ID = 102
Description =

Error - 7/21/2013 9:16:10 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/21/2013 9:16:10 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/21/2013 9:16:10 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/21/2013 9:16:10 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535


< End of report >
  • 0

#8
pjlla
Posted 21 July 2013 - 07:42 AM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OTL.txt file created

OTL logfile created on: 7/21/2013 9:20:48 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anderson\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 65.92% Memory free
11.50 Gb Paging File | 9.12 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1399.33 Gb Free Space | 75.11% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.33 Mb Free Space | 70.33% Space Free | Partition Type: NTFS
Drive F: | 931.41 Gb Total Space | 707.45 Gb Free Space | 75.95% Space Free | Partition Type: NTFS

Computer Name: ANDERSON-PC | User Name: Anderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/21 09:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson\Downloads\OTL (2).exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\minecraft crap\hamachi-2-ui.exe
PRC - [2013/05/22 17:51:51 | 003,113,792 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/05/08 19:45:03 | 004,023,848 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/12/20 08:42:34 | 000,713,816 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Users\Anderson\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
PRC - [2012/02/06 16:57:52 | 000,104,608 | ---- | M] () -- C:\Program Files (x86)\EmEditor\emedtray.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/08/19 13:08:42 | 000,246,400 | ---- | M] (F5 Networks) -- C:\Windows\SysWOW64\F5InstallerService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:52 | 000,601,552 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 14:48:51 | 000,123,344 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/10 03:26:16 | 001,886,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\e84256d44f3f04ac6e80f4b36aa82d68\System.Web.Services.ni.dll
MOD - [2013/07/10 03:26:13 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/10 03:26:12 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c24b36ceb832eabefe020b7453994a87\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/10 03:26:11 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4e250337cd18240b68997db97a661701\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/10 03:26:10 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\aab5ffcd3df45c984400184a9a041a8f\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/10 03:26:09 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fd6ee30e73a33e86f4da7180a38feec7\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/10 03:26:07 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/10 03:25:49 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/10 03:25:46 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/10 03:24:29 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\3f0863816ab6f5fef4e0abb442752b9f\UIAutomationProvider.ni.dll
MOD - [2013/07/10 03:24:25 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/10 03:24:24 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/10 03:24:24 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/10 03:24:21 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/10 03:15:57 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll
MOD - [2013/07/10 03:15:45 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/10 03:15:38 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 03:15:36 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a77cef85535aec07317e7b1a302365c1\System.Data.ni.dll
MOD - [2013/07/10 03:15:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/10 03:15:31 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/10 03:15:28 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\dc48e3e467309e2bbde8a876614b38e4\System.Security.ni.dll
MOD - [2013/07/10 03:15:27 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/10 03:15:27 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/10 03:15:24 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/10 03:15:19 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/10 03:15:17 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/10 03:07:48 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 03:07:47 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/05/22 17:51:51 | 003,113,792 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2013/05/08 19:43:45 | 000,548,488 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
MOD - [2012/04/27 00:12:48 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/06 16:57:52 | 000,104,608 | ---- | M] () -- C:\Program Files (x86)\EmEditor\emedtray.exe
MOD - [2012/02/06 16:57:44 | 000,281,248 | ---- | M] () -- C:\Program Files (x86)\EmEditor\mui\1033\emedloc.dll
MOD - [2012/02/06 16:57:32 | 001,326,240 | ---- | M] () -- C:\Program Files (x86)\EmEditor\emedres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 03:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\minecraft crap\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/12 00:50:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/09/05 11:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/19 13:08:42 | 000,246,400 | ---- | M] (F5 Networks) [Auto | Running] -- C:\Windows\SysWOW64\F5InstallerService.exe -- (F5 Networks Component Installer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/16 10:45:34 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/26 23:08:31 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/07 17:41:22 | 000,025,784 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 02:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 15:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/25 17:18:51 | 000,041,232 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/01/25 17:18:47 | 000,018,448 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/07/06 08:24:33 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130720.007\ex64.sys -- (NAVEX15)
DRV - [2013/07/06 08:24:33 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130720.007\eng64.sys -- (NAVENG)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/03/06 13:04:47 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/05 17:54:16 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 22:41:38 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 52 99 F5 E7 23 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ch?q={searc---- | M] (Symantec Corporation)
IE - HKCU\..\SearchScopes\{70DA8D97-A85A-4D7B-9E82-E2169B5A75EE}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{78CBA9B9-2012-4AA6-9CBF-719FC470DB79}: "URL" = http://websearch.ask...6F-0F4CF59A49A9
IE - HKCU\..\SearchScopes\{A459EC1F-CEF9-4067-8693-91DAA85E6658}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2010.0122.2105
FF - prefs.js..extensions.enabledItems: idvaultaddin@whitesky:1.13.506.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.3.0.9 - 5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..browser.search.defaulturl: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anderson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anderson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Anderson\AppData\Roaming\CATALI~3\NPBCSK~1.DLL File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/07/21 09:17:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/03/06 12:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\WeightWatchers Browser\components [2013/01/18 10:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\WeightWatchers Browser\plugins [2013/05/16 11:45:09 | 000,000,000 | ---D | M]

[2013/01/18 10:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Extensions
[2013/07/21 08:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions
[2013/01/18 10:49:00 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2013/01/20 08:54:30 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\idvaultaddin@whitesky
[2013/07/02 22:51:37 | 000,001,793 | ---- | M] () -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\Bing.xml
[2012/12/02 08:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\LUTH RESEARCH\SAVVYCONNECTFRAMEWORK\BIN\FFEXTENSION
File not found (No name found) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2013/03/06 12:43:32 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anderson\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Norton Identity Protection = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\minecraft crap\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ALconnect] C:\Users\Anderson\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe (Koninklijke Philips Electronics N.V.)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Anderson\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EmEditor.lnk = C:\Program Files (x86)\EmEditor\emedtray.exe ()
O4 - Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: weightwatchers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: weightwatchers.com ([]https in Trusted sites)
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab (F5 Networks Certificate Checker)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT AntiViruses Class)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab (Microsoft RDP Client Control (redistributable) - version 4)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab (F5 Networks Group Policy Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab (F5 Networks OS Policy Agent)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (F5 Networks OPSWAT Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5B7BFB-4283-47B9-B6B7-D36F88381C57}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (c:\progra~2\keycry~1\ke50fd~1.dll) - c:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/21 09:08:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/21 06:32:20 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{B58BCE9C-48C7-4043-8638-0647BFC1259B}
[2013/07/20 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{2C9A4091-67CF-4F4C-BA0C-2021EA4D4677}
[2013/07/19 21:34:44 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{077CD0EE-E50C-4BF7-9D56-30064531960C}
[2013/07/19 09:34:33 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{51B88A2C-1805-4A57-B2C5-BA6D973A5393}
[2013/07/18 12:30:17 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{38F0DA41-EACA-4552-9FD0-E4EE5E42DDE9}
[2013/07/18 00:29:56 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{146579C5-9B1D-421A-BE32-93BAA53ABB47}
[2013/07/17 12:29:34 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{F6ACA603-04AF-4628-95D3-64C4B81E6209}
[2013/07/17 00:29:23 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{AD06E4DD-F19A-4BA4-B1FC-9139A921EE1F}
[2013/07/16 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{9086543D-B68D-4607-90E3-9BE9FDEF02C9}
[2013/07/15 19:39:39 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{6E16217A-0D86-43DA-814D-BF7F12E29D1B}
[2013/07/15 07:32:27 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{2795646E-FA65-4361-83B4-1761BE17543D}
[2013/07/14 13:43:16 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{BB6B9869-8097-4046-AEB3-96E0CF10C7F4}
[2013/07/14 01:18:16 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C4D7D0A2-38ED-4FD7-A29D-293D135CA96D}
[2013/07/13 13:17:54 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{CB90463F-D38D-433A-8FB3-69D5C79436D0}
[2013/07/13 01:17:33 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{4C2A5FCD-9BD2-4807-88A6-877B68C71BB8}
[2013/07/12 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{DB55AAF4-1B8F-49F5-9B13-CBB7BF3F3C70}
[2013/07/12 01:16:24 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{ADE58E06-B1A9-48CA-9828-6AD88A61BB20}
[2013/07/11 13:16:01 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{4CCBB35D-B74A-46D2-8E9A-0D738BD2F4B3}
[2013/07/10 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{1C878D6D-E50E-4251-A4CF-F628315CDB14}
[2013/07/10 06:08:51 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{6C151C63-44B6-4C4F-94BC-7C9C3D06665D}
[2013/07/10 03:08:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 03:08:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 03:08:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/10 03:08:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/10 03:08:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/10 03:08:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/10 03:08:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/10 03:08:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/10 03:08:50 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/10 03:08:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/10 03:08:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/10 03:08:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 03:08:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 03:08:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 03:08:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/09 20:46:42 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 20:46:39 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 20:46:39 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/09 20:46:39 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 20:46:39 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/09 18:08:28 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{64A278C3-8A53-4A89-BE5D-10D282FD427E}
[2013/07/09 05:20:18 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{ACC5DFA5-4E87-4225-97CE-E178A0485001}
[2013/07/08 07:10:30 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{FD675A68-9FF4-49A2-AFAD-B91C3BF758E5}
[2013/07/07 18:50:00 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C22FC59E-BF68-4A13-BB20-9871B98683C1}
[2013/07/07 06:49:17 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C1F410A0-4591-4857-8930-5A97AF525DE1}
[2013/07/06 18:48:18 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{1490EA5C-642C-48BD-A101-330E2C1F9054}
[2013/07/06 06:47:56 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{59A1ABA6-8A77-49F4-BEE5-22A1C7EFF6C6}
[2013/07/05 18:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/05 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/07/05 18:47:18 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{1D856BC5-0730-4040-A507-F2B4A6EB0912}
[2013/07/03 07:01:22 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C7EB1A57-7B44-46CA-836F-71ED563AB454}
[2013/07/03 07:00:32 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\LogMeIn Hamachi
[2013/07/02 17:35:25 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{F93212FA-8EC5-4225-B9FA-60F4C23D4EC3}
[2013/07/02 05:35:14 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{DF4F3BCF-619F-4F0A-8A57-F1D6411C7759}
[2013/07/01 09:36:28 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{F02C472A-82E4-4C00-BCBB-E22385E60E43}
[2013/06/30 21:35:43 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{FAFDD816-9920-41BB-9ED8-3CBCF41854CB}
[2013/06/30 09:35:13 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{9FB08D57-950B-45A5-91B8-DE94E19CA7B6}
[2013/06/29 10:02:22 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{95F13ADF-A659-4F73-A36C-EF2C5039D7D6}
[2013/06/28 22:01:35 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{3EC325EA-FCA0-4A85-BA15-22438A75DF72}
[2013/06/28 10:01:08 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{9A52C4D5-D975-44A5-8FA7-9AD60FFC1E37}
[2013/06/27 12:19:01 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{569FEAD8-FE22-42C4-A3AD-AEDB783B909B}
[2013/06/26 21:54:30 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{D7FD81CC-5805-4119-A2D3-B7566AF8DC52}
[2013/06/26 09:51:11 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{2544CE89-E72B-4C77-A0F6-B9BF8419353C}
[2013/06/25 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{BB89BD70-9DEF-4375-B068-D7E7154EBF5E}
[2013/06/24 12:31:20 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{A7816DDA-A5D8-4A0E-8B25-18CAE09CA382}
[2013/06/24 00:30:50 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{4D8152E1-9E64-4D72-83AA-673B5590F791}
[2013/06/23 11:26:03 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{624BAED0-E580-44CD-91C5-5D767E314F8C}
[2013/06/22 23:25:17 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{8779B53E-5B63-44AF-AA89-F6618FA8A39F}
[2013/06/22 11:24:46 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{0B76F7D3-CD0D-4244-B603-61B0078AA383}
[2013/06/21 22:00:32 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{06D9ECA5-5CF1-4091-AC9A-3BA5473745D1}
[2013/06/21 09:59:45 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{E4986475-BC48-43FB-877A-B4A6ACFB60BD}

========== Files - Modified Within 30 Days ==========

[2013/07/21 09:22:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/21 09:22:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/21 09:21:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2402522246-2785333876-2617129170-1001UA.job
[2013/07/21 09:14:43 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/21 09:14:42 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/07/21 09:14:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/21 09:13:47 | 334,897,151 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/21 09:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/21 08:57:24 | 002,264,649 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/21 08:56:59 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\VT20130115.021
[2013/07/21 08:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/20 22:21:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2402522246-2785333876-2617129170-1001Core.job
[2013/07/20 18:00:00 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/07/19 10:10:32 | 000,015,942 | ---- | M] () -- C:\Users\Anderson\Documents\Anderson, Laura 2013.ods
[2013/07/19 09:39:26 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/07/16 10:45:34 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/16 10:45:34 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/16 10:45:34 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/14 11:15:23 | 000,021,329 | ---- | M] () -- C:\Users\Anderson\Documents\quote.odt
[2013/07/12 22:24:11 | 000,002,386 | ---- | M] () -- C:\Users\Anderson\Desktop\Google Chrome.lnk
[2013/07/12 07:48:15 | 000,002,448 | ---- | M] () -- C:\Users\Anderson\PrintMaster-2012-Gold.prefs
[2013/07/10 03:35:26 | 000,567,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 03:14:04 | 000,740,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/10 03:14:04 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/10 03:14:04 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/05 18:49:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/04 03:34:28 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013/06/28 13:10:16 | 000,024,558 | ---- | M] () -- C:\Users\Anderson\Documents\sickle cell form.odt
[2013/06/27 20:08:11 | 000,010,263 | ---- | M] () -- C:\Users\Anderson\Documents\grad invite 1.odt

========== Files Created - No Company Name ==========

[2013/07/19 10:10:30 | 000,015,942 | ---- | C] () -- C:\Users\Anderson\Documents\Anderson, Laura 2013.ods
[2013/07/14 11:15:19 | 000,021,329 | ---- | C] () -- C:\Users\Anderson\Documents\quote.odt
[2013/06/28 13:10:14 | 000,024,558 | ---- | C] () -- C:\Users\Anderson\Documents\sickle cell form.odt
[2013/06/27 20:08:09 | 000,010,263 | ---- | C] () -- C:\Users\Anderson\Documents\grad invite 1.odt
[2013/06/20 14:59:18 | 000,922,944 | ---- | C] () -- C:\Users\Anderson\AppData\Local\a.zip
[2013/06/05 18:44:46 | 000,000,000 | ---- | C] () -- C:\Users\Anderson\ipconfig
[2012/05/22 13:04:27 | 000,002,448 | ---- | C] () -- C:\Users\Anderson\PrintMaster-2012-Gold.prefs
[2012/05/20 15:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\Tlcsel.bin
[2012/05/20 15:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Mfts50.dll
[2012/04/29 17:16:02 | 000,015,360 | ---- | C] () -- C:\Users\Anderson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 18:59:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/18 04:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/18 04:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/18 04:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/18 04:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

#9
pjlla
Posted 21 July 2013 - 07:44 AM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
PS.. Thanks for helping on this...

I have tried google and it seems to be better so far. I'd say about 20% of my google searches gives me links that are redirected now, before it was closer to 70% or more.
  • 0

#10
Phel
Posted 21 July 2013 - 02:53 PM

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Have you installed SpeedyPC by yourself?

Step 1. Two AV's on one computer warning.

I have noticed, that you are using 2 antiviruses - McAfee and Norton in one computer. This can lead to several hangs and in the worst case - to the crash of the whole system. So, please, remove one of these AV's, and keep on your PC only one antivirus program.

Step 2. Uninstalling programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. New window should appear.
  • Uninstall these programs one by one, selecting each program and clicking Uninstall button.

Programs to uninstall:

  • vGrabber
  • Coupon Printer for Windows
  • YTD Toolbar v7.2
  • SavvyConnect
  • Catalina Savings Printer

Step 3. AdwCleaner scan.

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • Computer will be rebooted automatically, when program will finish it's job.

After reboot:

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Search button.
  • After scan Notepad window with report should appear. Post the contents of the report in your next message.

Step 4. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
O4 - Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

:Commands
[REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again
  • Find in the OTL window Extra Registry section and change radiobutton there to the Use SafeList.
  • Click on the Run Scan button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

So, please, don't forget to post in your next message:

  • AdwCleaner log
  • OTL.txt
  • Extras.txt

  • 0

Advertisements

#11
pjlla
Posted 21 July 2013 - 10:04 PM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Step 1: Completed... My ISP used to give Mcafee for free and must have switched to NOrton. I deleted Mcafee.
Step 2: Minor issue with Vgrabber. When I uninstalled it said it was already not there and asked if I wanted to be removed from list. I clicked yes. All the others uninstalled.

Step 3: Log from Adwcleaner.

# AdwCleaner v2.306 - Logfile created 07/21/2013 at 23:57:47
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anderson - ANDERSON-PC
# Boot Mode : Normal
# Running from : C:\Users\Anderson\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.8 (en-US)

File : C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [16849 octets] - [21/07/2013 08:54:27]
AdwCleaner[S2].txt - [888 octets] - [21/07/2013 23:57:47]

########## EOF - C:\AdwCleaner[S2].txt - [947 octets] ##########
  • 0

#12
pjlla
Posted 21 July 2013 - 10:28 PM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OTL.txt

OTL logfile created on: 7/22/2013 12:11:19 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anderson\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.78 Gb Available Physical Memory | 65.81% Memory free
11.50 Gb Paging File | 9.09 Gb Available in Paging File | 79.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1401.84 Gb Free Space | 75.25% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.33 Mb Free Space | 70.33% Space Free | Partition Type: NTFS
Drive F: | 931.41 Gb Total Space | 707.44 Gb Free Space | 75.95% Space Free | Partition Type: NTFS

Computer Name: ANDERSON-PC | User Name: Anderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/20 15:11:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson\Downloads\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\minecraft crap\hamachi-2-ui.exe
PRC - [2013/05/22 17:51:51 | 003,113,792 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/05/08 19:45:03 | 004,023,848 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/12/20 08:42:34 | 000,713,816 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Users\Anderson\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
PRC - [2012/02/06 16:57:52 | 000,104,608 | ---- | M] () -- C:\Program Files (x86)\EmEditor\emedtray.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/08/19 13:08:42 | 000,246,400 | ---- | M] (F5 Networks) -- C:\Windows\SysWOW64\F5InstallerService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:52 | 000,601,552 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 14:48:51 | 000,123,344 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/10 03:26:16 | 001,886,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\e84256d44f3f04ac6e80f4b36aa82d68\System.Web.Services.ni.dll
MOD - [2013/07/10 03:26:13 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/10 03:26:12 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c24b36ceb832eabefe020b7453994a87\System.ServiceModel.Routing.ni.dll
MOD - [2013/07/10 03:26:11 | 001,141,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4e250337cd18240b68997db97a661701\System.ServiceModel.Discovery.ni.dll
MOD - [2013/07/10 03:26:10 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\aab5ffcd3df45c984400184a9a041a8f\System.ServiceModel.Channels.ni.dll
MOD - [2013/07/10 03:26:09 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fd6ee30e73a33e86f4da7180a38feec7\System.ServiceModel.Activities.ni.dll
MOD - [2013/07/10 03:26:07 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/10 03:25:49 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\36d4abefb9287140975d11057bb8f7ee\System.Management.ni.dll
MOD - [2013/07/10 03:25:46 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/10 03:24:29 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\3f0863816ab6f5fef4e0abb442752b9f\UIAutomationProvider.ni.dll
MOD - [2013/07/10 03:24:25 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/10 03:24:24 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/10 03:24:24 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/10 03:24:21 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\e8aafadcd1fc0f8f406434176fb97477\System.Xaml.ni.dll
MOD - [2013/07/10 03:15:57 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4c152db66c5438fbf9e3975858dde0bc\PresentationFramework.ni.dll
MOD - [2013/07/10 03:15:45 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/10 03:15:38 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9631f1dac820cb6987560f074492150d\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 03:15:36 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a77cef85535aec07317e7b1a302365c1\System.Data.ni.dll
MOD - [2013/07/10 03:15:35 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/10 03:15:31 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/10 03:15:28 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\dc48e3e467309e2bbde8a876614b38e4\System.Security.ni.dll
MOD - [2013/07/10 03:15:27 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/10 03:15:27 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/10 03:15:24 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/10 03:15:19 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/10 03:15:17 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/10 03:07:48 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/10 03:07:47 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/05/22 17:51:51 | 003,113,792 | ---- | M] () -- C:\Users\Anderson\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2013/05/08 19:43:45 | 000,548,488 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
MOD - [2012/04/27 00:12:48 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/06 16:57:52 | 000,104,608 | ---- | M] () -- C:\Program Files (x86)\EmEditor\emedtray.exe
MOD - [2012/02/06 16:57:44 | 000,281,248 | ---- | M] () -- C:\Program Files (x86)\EmEditor\mui\1033\emedloc.dll
MOD - [2012/02/06 16:57:32 | 001,326,240 | ---- | M] () -- C:\Program Files (x86)\EmEditor\emedres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 03:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\minecraft crap\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/12 00:50:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/19 13:08:42 | 000,246,400 | ---- | M] (F5 Networks) [Auto | Running] -- C:\Windows\SysWOW64\F5InstallerService.exe -- (F5 Networks Component Installer)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/16 10:45:34 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/26 23:08:31 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/03/07 17:41:22 | 000,025,784 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 02:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/28 15:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/25 17:18:51 | 000,041,232 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/01/25 17:18:47 | 000,018,448 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/07/06 08:24:33 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130721.004\ex64.sys -- (NAVEX15)
DRV - [2013/07/06 08:24:33 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130721.004\eng64.sys -- (NAVENG)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/03/06 13:04:47 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/05 17:54:16 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130719.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/08 22:41:38 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 52 99 F5 E7 23 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ch?q={searc---- | M] (Symantec Corporation)
IE - HKCU\..\SearchScopes\{70DA8D97-A85A-4D7B-9E82-E2169B5A75EE}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{78CBA9B9-2012-4AA6-9CBF-719FC470DB79}: "URL" = http://websearch.ask...6F-0F4CF59A49A9
IE - HKCU\..\SearchScopes\{A459EC1F-CEF9-4067-8693-91DAA85E6658}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2010.0122.2105
FF - prefs.js..extensions.enabledItems: idvaultaddin@whitesky:1.13.506.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.3.0.9 - 5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..browser.search.defaulturl: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anderson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anderson\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/07/22 00:09:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/03/06 12:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\WeightWatchers Browser\components [2013/01/18 10:44:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\WeightWatchers Browser\plugins [2013/05/16 11:45:09 | 000,000,000 | ---D | M]

[2013/01/18 10:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Extensions
[2013/07/21 08:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions
[2013/01/18 10:49:00 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2013/01/20 08:54:30 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\extensions\idvaultaddin@whitesky
[2013/07/02 22:51:37 | 000,001,793 | ---- | M] () -- C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\78s4ly4s.default\searchplugins\Bing.xml
[2012/12/02 08:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\LUTH RESEARCH\SAVVYCONNECTFRAMEWORK\BIN\FFEXTENSION
File not found (No name found) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2013/03/06 12:43:32 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anderson\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Norton Identity Protection = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\minecraft crap\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ALconnect] C:\Users\Anderson\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe (Koninklijke Philips Electronics N.V.)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Anderson\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EmEditor.lnk = C:\Program Files (x86)\EmEditor\emedtray.exe ()
O4 - Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: weightwatchers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: weightwatchers.com ([]https in Trusted sites)
O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab (F5 Networks Certificate Checker)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT AntiViruses Class)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab (F5 Networks CacheCleaner)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} file://C:/Program Files (x86)/F5 VPN/F5_TMP/msrdp.cab (Microsoft RDP Client Control (redistributable) - version 4)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8F6AFB67-F834-4227-94A7-A51377E0678E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab (F5 Networks Group Policy Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab (F5 Networks OS Policy Agent)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5opswati.cab (F5 Networks OPSWAT Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5B7BFB-4283-47B9-B6B7-D36F88381C57}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (c:\progra~2\keycry~1\ke50fd~1.dll) - c:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/21 18:32:44 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{D87A407E-BC3D-46CA-B2A1-115BA602B6BD}
[2013/07/21 09:08:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/21 06:32:20 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{B58BCE9C-48C7-4043-8638-0647BFC1259B}
[2013/07/20 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{2C9A4091-67CF-4F4C-BA0C-2021EA4D4677}
[2013/07/19 21:34:44 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{077CD0EE-E50C-4BF7-9D56-30064531960C}
[2013/07/19 09:34:33 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{51B88A2C-1805-4A57-B2C5-BA6D973A5393}
[2013/07/18 12:30:17 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{38F0DA41-EACA-4552-9FD0-E4EE5E42DDE9}
[2013/07/18 00:29:56 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{146579C5-9B1D-421A-BE32-93BAA53ABB47}
[2013/07/17 12:29:34 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{F6ACA603-04AF-4628-95D3-64C4B81E6209}
[2013/07/17 00:29:23 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{AD06E4DD-F19A-4BA4-B1FC-9139A921EE1F}
[2013/07/16 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{9086543D-B68D-4607-90E3-9BE9FDEF02C9}
[2013/07/15 19:39:39 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{6E16217A-0D86-43DA-814D-BF7F12E29D1B}
[2013/07/15 07:32:27 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{2795646E-FA65-4361-83B4-1761BE17543D}
[2013/07/14 13:43:16 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{BB6B9869-8097-4046-AEB3-96E0CF10C7F4}
[2013/07/14 01:18:16 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C4D7D0A2-38ED-4FD7-A29D-293D135CA96D}
[2013/07/13 13:17:54 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{CB90463F-D38D-433A-8FB3-69D5C79436D0}
[2013/07/13 01:17:33 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{4C2A5FCD-9BD2-4807-88A6-877B68C71BB8}
[2013/07/12 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{DB55AAF4-1B8F-49F5-9B13-CBB7BF3F3C70}
[2013/07/12 01:16:24 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{ADE58E06-B1A9-48CA-9828-6AD88A61BB20}
[2013/07/11 13:16:01 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{4CCBB35D-B74A-46D2-8E9A-0D738BD2F4B3}
[2013/07/10 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{1C878D6D-E50E-4251-A4CF-F628315CDB14}
[2013/07/10 06:08:51 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{6C151C63-44B6-4C4F-94BC-7C9C3D06665D}
[2013/07/10 03:08:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 03:08:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 03:08:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/10 03:08:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/10 03:08:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/10 03:08:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/10 03:08:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/10 03:08:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/10 03:08:50 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/10 03:08:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/10 03:08:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/10 03:08:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 03:08:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 03:08:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 03:08:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/09 20:46:42 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 20:46:39 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 20:46:39 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/09 20:46:39 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 20:46:39 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/09 18:08:28 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{64A278C3-8A53-4A89-BE5D-10D282FD427E}
[2013/07/09 05:20:18 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{ACC5DFA5-4E87-4225-97CE-E178A0485001}
[2013/07/08 07:10:30 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{FD675A68-9FF4-49A2-AFAD-B91C3BF758E5}
[2013/07/07 18:50:00 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C22FC59E-BF68-4A13-BB20-9871B98683C1}
[2013/07/07 06:49:17 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C1F410A0-4591-4857-8930-5A97AF525DE1}
[2013/07/06 18:48:18 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{1490EA5C-642C-48BD-A101-330E2C1F9054}
[2013/07/06 06:47:56 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{59A1ABA6-8A77-49F4-BEE5-22A1C7EFF6C6}
[2013/07/05 18:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/05 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/07/05 18:47:18 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{1D856BC5-0730-4040-A507-F2B4A6EB0912}
[2013/07/03 07:01:22 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{C7EB1A57-7B44-46CA-836F-71ED563AB454}
[2013/07/03 07:00:32 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\LogMeIn Hamachi
[2013/07/02 17:35:25 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{F93212FA-8EC5-4225-B9FA-60F4C23D4EC3}
[2013/07/02 05:35:14 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{DF4F3BCF-619F-4F0A-8A57-F1D6411C7759}
[2013/07/01 09:36:28 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{F02C472A-82E4-4C00-BCBB-E22385E60E43}
[2013/06/30 21:35:43 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{FAFDD816-9920-41BB-9ED8-3CBCF41854CB}
[2013/06/30 09:35:13 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{9FB08D57-950B-45A5-91B8-DE94E19CA7B6}
[2013/06/29 10:02:22 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{95F13ADF-A659-4F73-A36C-EF2C5039D7D6}
[2013/06/28 22:01:35 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{3EC325EA-FCA0-4A85-BA15-22438A75DF72}
[2013/06/28 10:01:08 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{9A52C4D5-D975-44A5-8FA7-9AD60FFC1E37}
[2013/06/27 12:19:01 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{569FEAD8-FE22-42C4-A3AD-AEDB783B909B}
[2013/06/26 21:54:30 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{D7FD81CC-5805-4119-A2D3-B7566AF8DC52}
[2013/06/26 09:51:11 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{2544CE89-E72B-4C77-A0F6-B9BF8419353C}
[2013/06/25 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{BB89BD70-9DEF-4375-B068-D7E7154EBF5E}
[2013/06/24 12:31:20 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{A7816DDA-A5D8-4A0E-8B25-18CAE09CA382}
[2013/06/24 00:30:50 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{4D8152E1-9E64-4D72-83AA-673B5590F791}
[2013/06/23 11:26:03 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{624BAED0-E580-44CD-91C5-5D767E314F8C}
[2013/06/22 23:25:17 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{8779B53E-5B63-44AF-AA89-F6618FA8A39F}
[2013/06/22 11:24:46 | 000,000,000 | ---D | C] -- C:\Users\Anderson\AppData\Local\{0B76F7D3-CD0D-4244-B603-61B0078AA383}

========== Files - Modified Within 30 Days ==========

[2013/07/22 00:15:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 00:15:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 00:07:56 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 00:07:55 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/07/22 00:07:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 00:07:20 | 334,897,151 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 00:03:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/21 23:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/21 23:21:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2402522246-2785333876-2617129170-1001UA.job
[2013/07/21 22:21:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2402522246-2785333876-2617129170-1001Core.job
[2013/07/21 20:29:53 | 000,016,005 | ---- | M] () -- C:\Users\Anderson\Documents\Anderson, Laura 2013.ods
[2013/07/21 20:29:53 | 000,000,123 | -H-- | M] () -- C:\Users\Anderson\Documents\.~lock.Anderson, Laura 2013.ods#
[2013/07/21 18:00:00 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/07/21 08:57:24 | 002,264,649 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/21 08:56:59 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\VT20130115.021
[2013/07/19 09:39:26 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/07/16 10:45:34 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/16 10:45:34 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/16 10:45:34 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/14 11:15:23 | 000,021,329 | ---- | M] () -- C:\Users\Anderson\Documents\quote.odt
[2013/07/12 22:24:11 | 000,002,386 | ---- | M] () -- C:\Users\Anderson\Desktop\Google Chrome.lnk
[2013/07/12 07:48:15 | 000,002,448 | ---- | M] () -- C:\Users\Anderson\PrintMaster-2012-Gold.prefs
[2013/07/10 03:35:26 | 000,567,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 03:14:04 | 000,740,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/10 03:14:04 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/10 03:14:04 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/05 18:49:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/04 03:34:28 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013/06/28 13:10:16 | 000,024,558 | ---- | M] () -- C:\Users\Anderson\Documents\sickle cell form.odt
[2013/06/27 20:08:11 | 000,010,263 | ---- | M] () -- C:\Users\Anderson\Documents\grad invite 1.odt

========== Files Created - No Company Name ==========

[2013/07/21 20:29:32 | 000,000,123 | -H-- | C] () -- C:\Users\Anderson\Documents\.~lock.Anderson, Laura 2013.ods#
[2013/07/19 10:10:30 | 000,016,005 | ---- | C] () -- C:\Users\Anderson\Documents\Anderson, Laura 2013.ods
[2013/07/14 11:15:19 | 000,021,329 | ---- | C] () -- C:\Users\Anderson\Documents\quote.odt
[2013/06/28 13:10:14 | 000,024,558 | ---- | C] () -- C:\Users\Anderson\Documents\sickle cell form.odt
[2013/06/27 20:08:09 | 000,010,263 | ---- | C] () -- C:\Users\Anderson\Documents\grad invite 1.odt
[2013/06/05 18:44:46 | 000,000,000 | ---- | C] () -- C:\Users\Anderson\ipconfig
[2012/05/22 13:04:27 | 000,002,448 | ---- | C] () -- C:\Users\Anderson\PrintMaster-2012-Gold.prefs
[2012/05/20 15:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\Tlcsel.bin
[2012/05/20 15:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Mfts50.dll
[2012/04/29 17:16:02 | 000,015,360 | ---- | C] () -- C:\Users\Anderson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/26 18:59:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/18 04:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/18 04:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/18 04:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/18 04:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

#13
pjlla
Posted 21 July 2013 - 10:28 PM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Extras.txt

OTL Extras logfile created on: 7/22/2013 12:11:19 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anderson\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.78 Gb Available Physical Memory | 65.81% Memory free
11.50 Gb Paging File | 9.09 Gb Available in Paging File | 79.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1401.84 Gb Free Space | 75.25% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.33 Mb Free Space | 70.33% Space Free | Partition Type: NTFS
Drive F: | 931.41 Gb Total Space | 707.44 Gb Free Space | 75.95% Space Free | Partition Type: NTFS

Computer Name: ANDERSON-PC | User Name: Anderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = emeditor.txt] -- C:\Program Files (x86)\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = emeditor.txt] -- C:\Program Files (x86)\EmEditor\EMEDITOR.EXE (Emurasoft, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24E46BEE-9D94-4BEA-BA79-AAA1B6D77DEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{325D4E94-A7DA-4F32-9811-914015572214}" = lport=445 | protocol=6 | dir=in | app=system |
"{336AB73B-C7CD-4CFC-B51F-F95704AA0292}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44D9D642-CAB8-4FCA-8053-C7ECE63D0F0E}" = rport=138 | protocol=17 | dir=out | app=system |
"{47D65C73-7CB6-4325-97D2-C34F5583B843}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{498C21F4-FA27-4542-BBAB-21BD8F61596A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{565516C7-F055-4AB1-BFD4-3D7CC20C092C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5DB0E94F-8ABA-417B-AF33-F0360031E2F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{662282B6-94B3-434B-9272-A9C30CB21AF4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6CE36656-6019-4B1C-9440-63CD09293041}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6FE09624-E865-463E-B57C-1D79D6526DC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{703CDD56-C48B-410B-9FFB-EF86C395C270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72A1B984-9381-416F-A18D-619FC49C9F7B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{851BFB16-2FA6-4DE0-B676-6E459CA1D6E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{891FF33C-D6CA-48E3-9EE8-A90F5CD92915}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AC5F986-CD15-44E3-83A5-E41A593A7F57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEF160C1-9B4F-442D-9452-76959B6F9233}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B1D241EA-80B2-435F-A2EA-4550CC29A937}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B2089BD2-D81D-47BC-BB02-C9BA28CFD44C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C42983F1-DE1C-4D52-B86E-33BD20AEC3AA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C73625AA-3FF3-4E4B-9C6C-09A414B92E87}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE84E79E-CA6E-47FF-9E5C-98FB757D8D52}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E40079BE-C947-4663-94F7-D1D116DCEDD2}" = rport=137 | protocol=17 | dir=out | app=system |
"{F2AA8736-652B-4FE6-B1B6-92133DE203B0}" = lport=137 | protocol=17 | dir=in | app=system |
"{F46254FC-6546-4C6D-BC9C-AB431F00BCB6}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B59963-1574-4158-B97E-EF98A8E77D21}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{03A3BC24-5EAF-4CD0-AAD3-E3E8633103FE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0642AB2F-EA15-41F1-89E5-527DDCCA1E48}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08DFBDFA-97E2-4E43-93F8-F371F4D6C829}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CEE63FB-140B-4E09-B26E-A92D14BF9B13}" = protocol=58 | dir=in | [email protected],-28545 |
"{11009B4D-FFBF-4B89-BB85-E6B85DF033D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{1A1BDF65-B6E0-4630-B295-74621FC0612F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{1B743D24-1DE1-4422-A73E-3543D6A5C7F6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{21349D36-D6CA-43F7-9797-53571B5DFA9E}" = protocol=1 | dir=in | [email protected],-26140 |
"{26654169-AFE3-406C-A631-F7F5E62C1FC0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2A568E87-A297-40ED-8C5C-B107D19246DF}" = protocol=6 | dir=in | app=c:\program files (x86)\litemanagerfree - server\romserver.exe |
"{3E4AD752-EECF-4A16-BAFF-807E73EA66FB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{45A5AFC3-0DFB-49F8-AFB2-525561C4C802}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CB8BDFB-53A4-4996-829F-E11B93FB7E88}" = protocol=58 | dir=out | [email protected],-28546 |
"{4DE97D8A-E21A-4C9F-8666-7D2E351547AA}" = protocol=17 | dir=in | app=c:\program files (x86)\litemanagerfree - server\romserver.exe |
"{5056F9DF-F36C-44C5-A2D0-6A97D6926A97}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{56C71A54-95B4-47FF-B398-E7D5E8C52C5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{59FC813F-01D0-4ADE-A029-CAC55211075C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{5A2F5275-5D89-453C-B898-A87283EE49D0}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{5A4AF74F-DDA2-483F-BFE3-463DE9F869F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B2ADAEC-402D-4CF7-945C-CC89FD9489CD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{618A2A34-593B-44DD-9141-140A6A4B1CE3}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{70550BCD-2E4B-4E9F-86C5-52915EFD28CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{75616847-D940-4ACE-A80D-8D1A6F94B38D}" = protocol=1 | dir=out | [email protected],-28544 |
"{75E21E53-0D9E-4F6C-A876-9A6CB0422700}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B68DE86-7F74-4FC4-950D-5937FB54EC53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{7F557523-2722-4B57-9B30-991ED396500C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{818A628D-9470-4958-87A2-D68AE4C19D91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84659E7B-EE13-4095-BCFD-A48AAB1AD3EF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{871B39D7-CE28-4A62-BEFC-1B460CE41945}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8A48710F-3642-4876-8211-F893B341E5A3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C59A870-9A7C-4A4C-8DC5-A435BC18625F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{900650DC-6D1D-4986-ADB2-97A8B4FE1EEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96C5AC8B-F440-42A3-AB28-DDFE881AC2D0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A9B76328-14D1-428A-A9CA-7957F6C96FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD89AC02-5DCC-4CAA-B818-C13E33E5D670}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B6C05083-F243-481B-900F-2936C57AEED0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C0A90520-62E4-4CC9-BD23-B04F2EA55498}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0CA76F7-BB33-4B95-8176-B2455A41F487}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{C5A3DF8C-0900-4867-AFA4-9E750DEA9360}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5E9162A-C819-4482-A8C0-0675C77772EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{C879A928-E866-487A-B285-E0F546044506}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6D242EC-6960-40C0-9F05-871C321B080B}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{DB367A6E-A15E-44FE-A071-8BF154F41366}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E147301F-1073-4FAC-80FA-3A3E5659031C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E36F93D0-A0E6-4E5D-8242-14BF4EF20B48}" = protocol=1 | dir=in | [email protected],-28543 |
"{E4C0B127-48E7-4EE7-A57F-4B3046B841F1}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{EB49B4D1-B4EF-49F2-9C38-ABBF80B70D40}" = protocol=58 | dir=in | [email protected],-26142 |
"{F3946F3C-DF80-4EF2-BB3D-2226A5944B1D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{F571ACA6-E0F4-400C-843A-BE5266A2198B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8402BB7-C195-4912-96A2-37A6A8DDF977}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{FC5F2756-1395-4FE4-8498-FF47CB83DC2F}" = protocol=6 | dir=out | app=system |
"{FCA83381-0CFB-4302-8F49-C61BE28A7E57}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}" = HP Scanjet G4000 Series
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java™ 7 Update 4 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CD886EE3-07DE-76F1-79DA-0D2C31551559}" = ccc-utility64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{0879415B-4038-A4ED-276C-80E2C24502E8}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13C8577F-BA8B-452E-B440-F03DC264B9D5}" = EmEditor Professional (32-bit)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23114BAB-A7F2-160F-4CF8-20F5917C5063}" = CCC Help Dutch
"{25349513-852F-470D-AB31-9B42100C926B}" = ActiveLink Connect
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2814D1CB-7038-4EE4-8421-9C18FD571014}" = hpg4000
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D290157-1B44-1620-073B-F91546386AEF}" = CCC Help German
"{2ED790DD-7123-4EA8-8420-C914B9E162F2}" = PrintMaster Express
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4496E9B5-56AF-4A9C-BC02-BCBF63824224}" = WeightWatchers Connections 2010 Portal
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4599E55A-9861-AA8D-AD77-A62649FB1B88}" = Catalyst Control Center Graphics Full New
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.5.6.849
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{599556F6-88AA-D1B4-BBEE-E6DBEB69E958}" = CCC Help Thai
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61E455F8-99A8-D65F-B6E3-06B998B7F26F}" = CCC Help Greek
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E6A5BC-CA30-46DE-2A8E-C17BD52D3A60}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}" = F5 Networks VPN Client for Windows
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{772E433B-907F-D183-9521-4FB6C6126E24}" = CCC Help Danish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{796DDBD5-999C-EE26-EB08-AD16FF82B620}" = CCC Help Italian
"{7A1107CD-A2EF-B18D-65E6-D8496CC99BB7}" = Catalyst Control Center InstallProxy
"{7C3D2C23-FF8C-DF11-1110-220FD024E94B}" = CCC Help Spanish
"{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader
"{80DB9145-FFA6-A9EA-0684-6F09BCEE5324}" = CCC Help Swedish
"{8303FC1B-3B58-19D3-DBCD-DF63144463DB}" = CCC Help Hungarian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B37A414-1480-607C-8A06-3C6DAC20CA87}" = Catalyst Control Center Graphics Light
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EC37670-CFF6-851D-F6F4-D730E2DCF827}" = CCC Help Norwegian
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94FF7296-8022-FFB5-2B31-3B72524DDF2A}" = Catalyst Control Center Graphics Previews Vista
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A760067A-C07E-1033-0000-A764AC000001}" = Avery Template - U_0052_01_P
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F5B8E0-1935-0CE0-08B3-7128820A7B08}" = CCC Help Portuguese
"{AA35FD9B-BD64-2229-371C-5217D43F3829}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AFF3DA5E-9426-57DA-3B59-9E67A426214B}" = CCC Help Turkish
"{B31F6A27-F7B6-EA98-2168-B256A929F49B}" = Catalyst Control Center Localization All
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B82285B9-60A7-85E6-2AFF-F7CC65530EA1}" = CCC Help Russian
"{B9845F2F-455C-4E76-9599-159AE471DB59}_is1" = Subvein Mutant Factions v0.74
"{BAC15A55-B97D-AD8C-54AF-5E6B681BC839}" = CCC Help Chinese Standard
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF73A77C-55FD-4F59-928C-DBFDEC52E623}" = Catalyst Control Center Core Implementation
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5177FC1-B7C4-41DE-129F-54B273EBCD09}" = Catalyst Control Center Graphics Previews Common
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7C05C54-21D1-4DA7-9473-C47CB13D6A40}" = CCC Help Czech
"{C9F3DB27-447C-8569-9E5A-F2DB69C5BE4D}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D584C0DD-5994-8AC4-FC21-ED1E5F3B3B95}" = CCC Help English
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DD794783-8313-CEFC-0A34-B9F596B09F76}" = CCC Help French
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFC3AA0C-E8F1-2DCB-4EA2-073E20131FC5}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EEE791A8-4AB5-1540-FE9D-70EC70938AD2}" = The Complete National Geographic
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA2AD46D-06FB-8883-6CE5-349EC371D173}" = CCC Help Finnish
"{FB3E4248-8793-6A02-7862-4D56FABC814B}" = CCC Help Chinese Traditional
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"5354-7805-5584-7015" = PrintMaster 2012 Gold
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1" = The Complete National Geographic
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Combat Arms" = Combat Arms
"ID Vault" = Constant Guard Protection Suite
"LogMeIn Hamachi" = LogMeIn Hamachi
"N360" = Norton Security Suite
"Picasa 3" = Picasa 3
"The Complete National Geographic 1.59" = The Complete National Geographic
"Windows Password Rescuer Personal" = Windows Password Rescuer Personal
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Wisdom-soft AutoScreenRecorder 3.1 Pro" = Wisdom-soft AutoScreenRecorder 3.1 Pro
"Youtube Saved" = Youtube Saved
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveLink Connect" = ActiveLink Connect
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:09:00 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1188 seconds, 5 replies
waiting

Error - 7/7/2013 10:10:42 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1289 seconds, 5 replies
waiting

Error - 7/7/2013 10:10:42 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1289 seconds, 5 replies
waiting

Error - 7/7/2013 10:10:42 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1289 seconds, 5 replies
waiting

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1696 seconds, 5 replies
waiting

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1696 seconds, 5 replies
waiting

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Could not write data to client after 1697 seconds, 5 replies
waiting

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: Client unresponsive; aborting connection

Error - 7/7/2013 10:17:29 PM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = 476: DNSServiceBrowse _apple-mobdev._tcp.local.

Error - 7/8/2013 6:39:51 AM | Computer Name = Anderson-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(78:6c:1c:15:ad:f5@fe80::7a6c:1cff:fe15:adf5._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

[ Media Center Events ]
Error - 5/27/2012 2:57:32 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:57:32 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/27/2012 3:58:17 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 3:58:17 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/27/2012 2:02:52 PM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:02:49 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/28/2012 2:57:39 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:57:39 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/28/2012 2:50:46 PM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:50:33 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/29/2012 2:39:07 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:39:07 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 6/15/2012 7:31:56 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 7:31:56 AM - Error connecting to the internet. 7:31:56 AM - Unable
to contact server..

Error - 6/15/2012 7:32:10 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 7:32:01 AM - Error connecting to the internet. 7:32:01 AM - Unable
to contact server..

Error - 3/18/2013 2:30:02 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:30:02 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 5/24/2013 2:13:57 AM | Computer Name = Anderson-PC | Source = MCUpdate | ID = 0
Description = 2:13:52 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 7/22/2013 12:06:07 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/22/2013 12:08:29 AM | Computer Name = Anderson-PC | Source = PNRPSvc | ID = 102
Description =

Error - 7/22/2013 12:08:29 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/22/2013 12:08:29 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/22/2013 12:08:39 AM | Computer Name = Anderson-PC | Source = PNRPSvc | ID = 102
Description =

Error - 7/22/2013 12:08:39 AM | Computer Name = Anderson-PC | Source = PNRPSvc | ID = 102
Description =

Error - 7/22/2013 12:08:39 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 7/22/2013 12:08:39 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/22/2013 12:08:39 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/22/2013 12:08:39 AM | Computer Name = Anderson-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535


< End of report >
  • 0

#14
pjlla
Posted 22 July 2013 - 09:08 AM

pjlla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
PS.. Things seem to be improving more... THanks

I'll also be out for a business trip and returning tomorow PM. So I won't be able to respond quickly.
  • 0

#15
Phel
Posted 22 July 2013 - 02:47 PM

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

So I won't be able to respond quickly.


Don't worry about that. ;) Below are next instructions for you. When you will be back, please go through them.

How your computer is running now?

Step 1. MBAM scan.

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

So, please, don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP