Trojan.Win32.Mal.gen!b3 [Closed]


  • This topic is locked

#1
texred

  • Member
  • 54 posts
I have been using Stopzilla for security, and it keeps quarantining this virus, but it always reappears, sometimes as C:\Users\tania\AppData\Local\Temp\SlimDrivers.dmp or C:\users\tania\appdata\locallow\\televisionfanatic\installr\cache\0007d577.exe. I have supposedly deleted tvf & sd with Revo uninstaller. I have been told by HP TS and AT&T TS that abnormal amounts of data are coming from my computer. I'm thinking (only an end user!) that I've got a backdoor associated with the trojan? The quarantine has also shown different locations a while back. Needless to say, none of the above tech support volunteered any help. I have been screwing with this for months and fortunately don't have any money or it would be all gone anyway. Mr. Fixit says nothing is wrong with the computer {HP G71/Win 7 Home Premium/sp 1}. Symptoms include very slow starting, sometimes necessarily in safe mode, general lack of speed, printing problems (thoroughly researched thru HP) with websites and email, and Stopzilla (paid version) warnings. Have performed defrags, cleared temp files, recycle, and cache. Ran CCleaner, and used System Restore several times.
Thanks,
texred

OTL logfile created on: 9/18/2013 5:10:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tania\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 32.97% Memory free
7.93 Gb Paging File | 5.11 Gb Available in Paging File | 64.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.07 Gb Total Space | 139.13 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
Drive D: | 12.62 Gb Total Space | 2.11 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: TANIA-PC | User Name: tania | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/18 17:10:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tania\Downloads\OTL.exe
PRC - [2013/09/10 12:56:41 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/09/02 13:03:12 | 001,360,192 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013/09/02 13:00:36 | 000,807,800 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013/09/02 10:49:18 | 009,161,848 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
PRC - [2013/08/17 11:34:53 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/07/23 13:59:46 | 004,740,208 | ---- | M] (ParetoLogic, Inc.) -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
PRC - [2013/07/16 13:56:56 | 000,057,136 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\SZServer.exe
PRC - [2013/07/16 13:56:54 | 000,235,824 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2013/05/16 09:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/10 12:56:40 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/02 10:49:18 | 009,161,848 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
MOD - [2013/08/17 11:34:50 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/08/15 19:14:29 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/15 15:23:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40b43527d6fdbeb6e905a7b6123f3a42\System.Web.ni.dll
MOD - [2013/08/15 15:23:25 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 15:23:24 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/15 15:23:22 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/15 15:22:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 15:22:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 15:20:58 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 15:19:21 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 15:19:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/23 13:59:54 | 000,925,808 | ---- | M] () -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\Utility.pxt
MOD - [2013/07/23 13:59:52 | 000,138,864 | ---- | M] () -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegHookSpecialist.pxt
MOD - [2013/07/23 13:59:48 | 000,153,712 | ---- | M] () -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\CommonSpecialist.pxt
MOD - [2013/07/23 13:59:48 | 000,083,568 | ---- | M] () -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\ExtensionManager.dll
MOD - [2013/07/23 13:59:46 | 000,155,248 | ---- | M] () -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\CommonLoggingExtension.pxt
MOD - [2013/07/11 03:50:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/27 08:51:58 | 003,888,640 | ---- | M] () -- C:\Program Files (x86)\ZipCloud\MPCBIconOverlays.dll
MOD - [2012/12/18 11:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 11:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 11:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 11:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 11:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 11:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 11:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 11:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 11:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 11:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 11:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 11:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 11:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 11:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 11:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 11:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2011/11/30 18:49:16 | 000,548,352 | ---- | M] () -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\7ZipDLL.dll
MOD - [2011/09/25 21:22:54 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\LiteUnzip.dll
MOD - [2011/09/25 21:22:54 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\ParetoLogic\RegCure Pro\LiteZip.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/18 08:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files (x86)\ZipCloud\x86\System.Data.SQLite.dll
MOD - [2009/08/20 14:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 14:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 14:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/13 21:56:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 13:00:36 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013/08/17 11:34:51 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/16 13:56:56 | 000,057,136 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files (x86)\STOPzilla!\SZServer.exe -- (szserver)
SRV - [2013/05/27 08:58:14 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\ZipCloud\BackupStack.exe -- (BackupStack)
SRV - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/09 19:26:22 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/07/16 13:49:42 | 000,082,872 | R--- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2013/04/24 14:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/10/24 19:31:18 | 003,802,112 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/09/18 04:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 15:23:06 | 000,025,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WFPFilter.sys -- (SCWFPFilter)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNOBEX.sys -- (PSMNOBEX)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNVSP.sys -- (PSMNVSP)
DRV:64bit: - [2011/10/07 02:35:30 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNMDM.sys -- (PSMNMDM)
DRV:64bit: - [2011/10/07 02:35:30 | 000,102,784 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNBUS.sys -- (PSMNBUS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/21 18:07:33 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/06/21 17:51:29 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2010/06/21 17:51:01 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 16:55:54 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpGmb001.sys -- (HpGmb001)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {220117E9-BE54-4F78-93A1-0C5A24D78E20}
IE - HKCU\..\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}: "URL" = http://websearch.ask...53-791FB6E0B4C2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Startpage HTTPS"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.protopage...om/siempresola"
FF - prefs.js..extensions.enabledAddons: printwithoutads%40oleg.vaskevich:1.2
FF - prefs.js..extensions.enabledAddons: %7B6bdc61ae-7b80-44a3-9476-e1d121ec2238%7D:0.85
FF - prefs.js..extensions.enabledAddons: %7BE71B541F-5E72-5555-A47C-E47863195841%7D:1.0.33
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:16.0.528
FF - prefs.js..extensions.enabledAddons: vincent.piras%40gmail.com:1.0.2
FF - prefs.js..extensions.enabledAddons: %7Bbadea1ae-72ed-4f6a-8c37-4db9a4ac7bc9%7D:1.0
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2.2
FF - prefs.js..extensions.enabledAddons: %7Bb0e1b4a6-2c6f-4e99-94f2-8e625d7ae255%7D:3.5.0
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:10.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130917
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.0.26224
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://google/ig"
FF - prefs.js..searchreset.backup.keyword.URL: "http://search.mywebs...wUQ&searchfor="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\5.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/13 22:03:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/13 22:03:21 | 000,000,000 | ---D | M]

[2010/07/25 14:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Extensions
[2013/09/18 14:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions
[2013/09/18 12:02:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/31 16:25:20 | 000,000,000 | ---D | M] (Address Bar Search) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
[2013/07/05 02:21:12 | 000,000,000 | ---D | M] ("SimilarSites") -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
[2013/09/02 18:20:29 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\[email protected]
[2013/07/05 02:21:12 | 000,027,050 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/07/02 16:36:01 | 000,565,248 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/05 10:20:10 | 000,096,236 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/14 11:16:05 | 000,098,733 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/03/16 08:51:51 | 000,013,620 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/07/05 02:26:41 | 000,004,541 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/06/26 12:57:30 | 000,073,384 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{6bdc61ae-7b80-44a3-9476-e1d121ec2238}.xpi
[2013/09/09 11:37:36 | 000,242,531 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi
[2013/08/08 12:36:21 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/13 15:19:46 | 000,002,299 | ---- | M] () -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\askcom.xml
[2013/07/20 15:23:23 | 000,001,988 | ---- | M] () -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\search.xml
[2013/06/23 12:53:23 | 000,002,160 | ---- | M] () -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\startpage-https.xml
[2013/06/23 12:50:49 | 000,002,152 | ---- | M] () -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\startpage.xml
[2013/08/03 22:07:33 | 000,000,904 | ---- | M] () -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\searchplugins\yahoo.xml
[2013/08/18 19:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/17 11:34:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/08/17 11:34:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/08/18 19:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 11:34:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/27 01:37:35 | 000,427,261 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14713 more lines...
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64" File not found
O4 - Startup: C:\Users\tania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZipCloud.lnk = C:\Program Files (x86)\ZipCloud\ZipCloud.exe (ZipCloud.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31A9FD8-AC1A-4B36-BDF2-638DA9579CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/18 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\tania\AppData\Roaming\ParetoLogic
[2013/09/18 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\tania\AppData\Roaming\DriverCure
[2013/09/18 15:41:33 | 000,000,000 | ---D | C] -- C:\Users\tania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013/09/18 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2013/09/18 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/09/18 15:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2013/09/17 14:02:53 | 000,000,000 | ---D | C] -- C:\ae16f029416365a3a54a680c64d680
[2013/09/02 20:31:33 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\Stress Prompts Anxiety Because Of Immune Cells Recruited To Brain, Animal Study Shows_files
[2013/09/02 18:43:29 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\Diana Nyad completes epic 110-mile Cuba-to-Florida swim at age 64, without shark cage _ Fox News_files
[2013/09/01 13:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicasaWebPublisher
[2013/08/27 03:22:17 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\eBay Shipping_files
[2013/08/21 16:21:42 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\Proxy server - Wikipedia, the free encyclopedia_files
[2013/08/20 21:06:33 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\Downloads
[2013/08/20 21:06:27 | 000,000,000 | ---D | C] -- C:\Users\tania\AppData\Roaming\GetRightToGo
[2013/08/20 21:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2013/08/20 21:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2013/08/20 14:12:17 | 000,000,000 | ---D | C] -- C:\Mental Health & Criminal Justice
[2009/04/02 23:53:18 | 001,611,776 | ---- | C] (Alex Feinman) -- C:\Program Files\ISORecorder.dll
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/18 17:10:00 | 000,021,120 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/09/18 16:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/18 15:41:58 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/09/18 15:41:33 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\RegCure Pro Startup.job
[2013/09/18 15:41:31 | 000,001,190 | ---- | M] () -- C:\Users\tania\Desktop\RegCure Pro.lnk
[2013/09/18 15:41:31 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/09/18 15:41:29 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/09/18 15:41:28 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
[2013/09/18 14:41:13 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortania.job
[2013/09/18 12:09:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 12:09:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 11:59:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/18 11:59:22 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/17 20:51:48 | 000,127,092 | ---- | M] () -- C:\Users\tania\Documents\Cirrhosis Death.htm
[2013/09/17 14:01:13 | 000,660,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/17 14:01:13 | 000,121,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/17 14:01:12 | 000,778,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/14 16:26:30 | 000,170,704 | ---- | M] () -- C:\Users\tania\Desktop\Foye's Principles of Medicinal Chemistry -Spiriva & Glaucoma.htm
[2013/09/14 11:11:06 | 000,437,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 15:05:06 | 000,108,470 | ---- | M] () -- C:\Users\tania\Desktop\NIKON MANUAL.htm
[2013/09/09 19:26:22 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/09/08 18:15:55 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/09/08 17:59:09 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/09/03 12:51:09 | 000,169,443 | ---- | M] () -- C:\Users\tania\Documents\TednStang.jpg
[2013/09/03 12:45:13 | 000,169,156 | ---- | M] () -- C:\Users\tania\Documents\Scan0002.jpg
[2013/09/02 20:31:42 | 000,846,910 | ---- | M] () -- C:\Users\tania\Documents\Stress Prompts Anxiety Because Of Immune Cells Recruited To Brain, Animal Study Shows.htm
[2013/08/27 03:22:18 | 000,026,785 | ---- | M] () -- C:\Users\tania\Desktop\eBay Shipping.htm
[2013/08/25 14:34:50 | 429,447,416 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/22 14:17:37 | 001,556,877 | ---- | M] () -- C:\Users\tania\Documents\DoraSNAP.pdf
[2013/08/21 16:21:45 | 000,278,091 | ---- | M] () -- C:\Users\tania\Documents\Proxy server - Wikipedia, the free encyclopedia.htm
[2013/08/20 21:07:33 | 000,000,803 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2013/08/20 21:02:14 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 15:41:58 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/09/18 15:41:31 | 000,001,190 | ---- | C] () -- C:\Users\tania\Desktop\RegCure Pro.lnk
[2013/09/18 15:41:31 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\RegCure Pro Startup.job
[2013/09/18 15:41:29 | 000,000,494 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/09/18 15:41:29 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/09/18 15:41:27 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\RegCure Pro.job
[2013/09/18 12:00:18 | 000,021,120 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/09/17 20:51:45 | 000,127,092 | ---- | C] () -- C:\Users\tania\Documents\Cirrhosis Death.htm
[2013/09/14 16:26:27 | 000,170,704 | ---- | C] () -- C:\Users\tania\Desktop\Foye's Principles of Medicinal Chemistry -Spiriva & Glaucoma.htm
[2013/09/11 15:05:04 | 000,108,470 | ---- | C] () -- C:\Users\tania\Desktop\NIKON MANUAL.htm
[2013/09/03 12:51:09 | 000,169,443 | ---- | C] () -- C:\Users\tania\Documents\TednStang.jpg
[2013/09/03 12:45:13 | 000,169,156 | ---- | C] () -- C:\Users\tania\Documents\Scan0002.jpg
[2013/09/02 20:31:33 | 000,846,910 | ---- | C] () -- C:\Users\tania\Documents\Stress Prompts Anxiety Because Of Immune Cells Recruited To Brain, Animal Study Shows.htm
[2013/08/27 03:22:16 | 000,026,785 | ---- | C] () -- C:\Users\tania\Desktop\eBay Shipping.htm
[2013/08/22 14:17:36 | 001,556,877 | ---- | C] () -- C:\Users\tania\Documents\DoraSNAP.pdf
[2013/08/21 21:43:23 | 429,447,416 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/08/21 16:21:42 | 000,278,091 | ---- | C] () -- C:\Users\tania\Documents\Proxy server - Wikipedia, the free encyclopedia.htm
[2013/08/20 21:02:14 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/08/20 21:02:02 | 000,000,803 | ---- | C] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Home
[2013/08/10 12:27:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Images
[2013/08/10 12:27:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Horn Section
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Helper Scripts
[2013/08/10 12:21:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/08/10 12:21:42 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Icons
[2013/07/09 08:03:25 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/07/08 12:20:01 | 000,000,150 | ---- | C] () -- C:\Users\tania\AppData\Roaming\wklnhst.dat
[2013/07/01 07:54:50 | 000,007,604 | ---- | C] () -- C:\Users\tania\AppData\Local\Resmon.ResmonCfg
[2013/06/26 02:49:50 | 000,003,696 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/25 17:43:19 | 000,000,632 | RHS- | C] () -- C:\Users\tania\ntuser.pol
[2013/05/02 20:27:05 | 000,231,115 | ---- | C] () -- C:\Windows\hpwins23.dat
[2013/04/23 20:52:50 | 000,880,894 | ---- | C] () -- C:\Users\tania\AppData\Local\census.cache
[2013/04/23 20:52:08 | 000,127,111 | ---- | C] () -- C:\Users\tania\AppData\Local\ars.cache
[2013/04/23 20:39:43 | 000,000,036 | ---- | C] () -- C:\Users\tania\AppData\Local\housecall.guid.cache
[2013/03/09 19:03:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/15 09:41:05 | 000,773,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/23 23:29:07 | 000,000,000 | ---- | C] () -- C:\Users\tania\AppData\Local\{97C5227C-4219-42D8-9662-028AA51A8853}
[2011/02/11 15:34:34 | 000,001,854 | ---- | C] () -- C:\Users\tania\AppData\Roaming\GhostObjGAFix.xml
[2010/11/17 23:25:57 | 000,004,096 | -H-- | C] () -- C:\Users\tania\AppData\Local\keyfile3.drm
[2009/03/13 00:16:34 | 000,008,926 | ---- | C] () -- C:\Program Files\Resource.h
[2009/01/24 18:59:36 | 000,038,400 | ---- | C] () -- C:\Program Files\ShellExec.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Allmyapps
[2012/03/05 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Audacity
[2013/04/07 19:38:47 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/09/18 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\DriverCure
[2013/07/15 05:27:01 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Scanner Images
[2013/07/17 12:58:45 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Software
[2013/07/09 06:53:52 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Free PDF to Word Converter
[2013/08/20 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\GetRightToGo
[2012/11/12 03:20:39 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Leadertech
[2013/07/01 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\libimobiledevice
[2013/08/18 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\MyMorph
[2013/09/08 17:59:07 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Nikon
[2013/03/24 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\oCam
[2013/04/13 07:31:26 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Pantech
[2013/09/18 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\ParetoLogic
[2013/03/19 05:27:40 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PC Suite
[2013/08/22 15:18:01 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PCHC
[2012/03/05 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Product_RM
[2013/07/13 01:00:14 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TachoPlus-FreeDriver
[2013/07/13 01:10:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TeamViewer
[2013/07/08 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Template
[2013/06/26 00:51:15 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TuneUp Software
[2013/05/11 12:54:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\WinBatch
[2013/06/11 15:24:27 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Windows Live Writer
[2013/07/06 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Wondershare

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 973 bytes -> C:\Users\tania\Documents\int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
@Alternate Data Stream - 910 bytes -> C:\Users\tania\Documents\Re_ int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
@Alternate Data Stream - 885 bytes -> C:\Users\tania\Documents\[Spokeo Support Center] Re_ Opt-out.eml:OECustomProperty
@Alternate Data Stream - 572 bytes -> C:\Users\tania\Documents\Refund.eml:OECustomProperty
@Alternate Data Stream - 11823 bytes -> C:\Users\tania\Documents\[videossomente] Teens Like It Big - Elaina Rae.eml:OECustomProperty
@Alternate Data Stream - 1091 bytes -> C:\Users\tania\Documents\LinkedIn Network Updates, 6_27_2013.eml:OECustomProperty

< End of report >



#2
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello texred :welcome:

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders.


Firstly, you have entitled your topic Trojan.Win32.Mal.gen!b3. Where is this from, Stopzilla?

Next I have 3 scans for you to do which will produce 4 logs. I would like you to run OTL again as the scan I have provided below gives me a more in-depth look. There is a reminder of the logs I need at the bottom of this post :)

1. OTL Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
      • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

2. aswMBR

  • Using this link download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and select Run as Administrator. Select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply


3. Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I want to see in your next post.
  • OTL.txt
  • Extras.txt
  • aswMBR.txt
  • checkup.txt


#3
texred

    Member

  • Topic Starter
  • Member
  • 54 posts
Is this the correct way to respond to only you? Please advise-
Hi. Just read your reply, nice to meet you, Nutloaf (won't ask). Please be patient with my replies, also. I am truly an end user, if there ever was. I need to tell you I am extremely embarrassed with some files in here-recently discovered them, and as I am going through divorce, have left them on for my attorney. Sorry.
Yes, the topic name is from Stopzilla. I have to go OOT tomorrow, but will begin working on your requisites this eve.
Thank you so much for your time, skills, and patience. Later!

#4
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Pleased to meet you also :)

Is this the correct way to respond to only you? Please advise-

This is the correct place to post for the cleaning of your machine. If you need to disclose information that is personal and don't want shared then you can request here for a Personal Message to me. I will then show you how.

Nutloaf (won't ask).

Won't tell then :P ......and it's a boring story anyway :)

Only us Geeks look at the logs, you'd have to be insane to look at them recreationally :thumbsup:

#5
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Texred :)

Are you still in need of assistance?

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#8
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hooray and welcome back!

#9
texred

    Member

  • Topic Starter
  • Member
  • 54 posts
OTL logfile created on: 10/1/2013 4:41:08 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tania\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.67% Memory free
7.93 Gb Paging File | 5.76 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.07 Gb Total Space | 138.37 Gb Free Space | 62.87% Space Free | Partition Type: NTFS
Drive D: | 12.62 Gb Total Space | 2.11 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: TANIA-PC | User Name: tania | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/01 16:33:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tania\Downloads\OTL(1).exe
PRC - [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/24 14:00:34 | 000,354,608 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\SZScanner.exe
PRC - [2013/09/24 14:00:34 | 000,057,136 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\SZServer.exe
PRC - [2013/09/24 14:00:32 | 000,383,280 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2013/09/24 14:00:32 | 000,244,016 | R--- | M] (iS3 Inc.) -- c:\Program Files (x86)\STOPzilla!\IS3Updater.exe
PRC - [2013/09/10 12:56:41 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/09/02 13:03:12 | 001,360,192 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013/09/02 13:00:36 | 000,807,800 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013/09/02 10:49:18 | 009,161,848 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
PRC - [2013/05/16 09:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/01 11:22:22 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/10 12:56:40 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/02 10:49:18 | 009,161,848 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
MOD - [2013/08/15 19:14:29 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/15 15:23:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40b43527d6fdbeb6e905a7b6123f3a42\System.Web.ni.dll
MOD - [2013/08/15 15:23:25 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 15:23:24 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/15 15:23:22 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/15 15:22:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 15:22:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 15:20:58 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 15:19:21 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 15:19:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 03:50:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/27 08:51:58 | 003,888,640 | ---- | M] () -- C:\Program Files (x86)\ZipCloud\MPCBIconOverlays.dll
MOD - [2012/12/18 11:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 11:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 11:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 11:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 11:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 11:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 11:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 11:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 11:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 11:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 11:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 11:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 11:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 11:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 11:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 11:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/18 08:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files (x86)\ZipCloud\x86\System.Data.SQLite.dll
MOD - [2009/08/20 14:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 14:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 14:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/01 11:22:22 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/24 14:00:34 | 000,057,136 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files (x86)\STOPzilla!\SZServer.exe -- (szserver)
SRV - [2013/09/19 15:56:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 13:00:36 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/24 13:51:44 | 000,082,872 | R--- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2013/09/09 19:26:22 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/04/24 14:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/10/24 19:31:18 | 003,802,112 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/09/18 04:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 15:23:06 | 000,025,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WFPFilter.sys -- (SCWFPFilter)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNOBEX.sys -- (PSMNOBEX)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNVSP.sys -- (PSMNVSP)
DRV:64bit: - [2011/10/07 02:35:30 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNMDM.sys -- (PSMNMDM)
DRV:64bit: - [2011/10/07 02:35:30 | 000,102,784 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNBUS.sys -- (PSMNBUS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/21 18:07:33 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/06/21 17:51:29 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2010/06/21 17:51:01 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 16:55:54 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpGmb001.sys -- (HpGmb001)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes,DefaultScope = {220117E9-BE54-4F78-93A1-0C5A24D78E20}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}: "URL" = http://websearch.ask...53-791FB6E0B4C2
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896

IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes,DefaultScope = {220117E9-BE54-4F78-93A1-0C5A24D78E20}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}: "URL" = http://websearch.ask...53-791FB6E0B4C2
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Startpage HTTPS"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.protopage...om/siempresola"
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: omnibar%40ajitk.com:0.7.19.20130418
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.0.26224
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://google/ig"
FF - prefs.js..searchreset.backup.keyword.URL: "http://search.mywebs...wUQ&searchfor="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\5.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 11:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 11:22:15 | 000,000,000 | ---D | M]

[2010/07/25 14:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Extensions
[2013/09/28 19:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions
[2013/09/27 13:24:20 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2013/09/26 16:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\sa3frivy.default-1380226944373\extensions
[2013/09/28 19:33:35 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/27 13:24:18 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/27 13:22:10 | 000,096,236 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/28 19:30:44 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/27 13:24:18 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/09/28 19:31:39 | 000,700,980 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/09/26 16:50:30 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/09/26 16:44:58 | 000,096,236 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/01 11:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/01 11:22:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/27 01:37:35 | 000,427,261 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14713 more lines...
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [] File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [SkyDrive] "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64" File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64" File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64" File not found
O4 - Startup: C:\Users\tania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZipCloud.lnk = C:\Program Files (x86)\ZipCloud\ZipCloud.exe (ZipCloud.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31A9FD8-AC1A-4B36-BDF2-638DA9579CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/01 16:08:49 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\erunt(2)
[2013/10/01 16:01:22 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\erunt
[2013/10/01 11:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/29 17:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/29 17:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/29 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/29 13:27:15 | 000,047,496 | R--- | C] (GFI Software) -- C:\Windows\SysNative\SBBD.EXE
[2013/09/29 13:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2013/09/26 15:22:31 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\Old Firefox Data
[2013/09/24 13:51:44 | 000,082,872 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2013/09/24 13:51:38 | 000,074,768 | R--- | C] (iS3 Inc.) -- C:\Windows\SysWow64\drivers\SZKG64.sys
[2013/09/24 13:51:38 | 000,074,768 | R--- | C] (iS3 Inc.) -- C:\Windows\SysWow64\drivers\is3srv64.sys
[2013/09/20 11:57:07 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\riverinsurance
[2013/09/20 11:56:26 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\River
[2013/09/18 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\tania\AppData\Roaming\ParetoLogic
[2013/09/18 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\tania\AppData\Roaming\DriverCure
[2013/09/18 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/09/17 14:02:53 | 000,000,000 | ---D | C] -- C:\ae16f029416365a3a54a680c64d680
[2013/09/02 20:31:33 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\Stress Prompts Anxiety Because Of Immune Cells Recruited To Brain, Animal Study Shows_files
[2013/09/02 18:43:29 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\Diana Nyad completes epic 110-mile Cuba-to-Florida swim at age 64, without shark cage _ Fox News_files
[2009/04/02 23:53:18 | 001,611,776 | ---- | C] (Alex Feinman) -- C:\Program Files\ISORecorder.dll
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/01 16:34:37 | 000,003,432 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/10/01 16:14:03 | 000,004,659 | ---- | M] () -- C:\Users\tania\Desktop\erunt(2).search-ms
[2013/10/01 16:01:41 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2013/10/01 15:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/01 15:48:22 | 000,002,044 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/10/01 12:51:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 10:27:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 10:27:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 10:19:27 | 421,693,688 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/01 10:19:24 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/29 17:54:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/29 14:12:23 | 000,001,130 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/09/29 14:12:23 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013/09/28 20:41:07 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortania.job
[2013/09/24 13:51:44 | 000,082,872 | R--- | M] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2013/09/24 13:51:44 | 000,047,496 | R--- | M] (GFI Software) -- C:\Windows\SysNative\SBBD.EXE
[2013/09/24 13:51:38 | 000,074,768 | R--- | M] (iS3 Inc.) -- C:\Windows\SysWow64\drivers\SZKG64.sys
[2013/09/24 13:51:38 | 000,074,768 | R--- | M] (iS3 Inc.) -- C:\Windows\SysWow64\drivers\is3srv64.sys
[2013/09/21 21:19:15 | 000,437,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/20 11:46:16 | 000,013,571 | ---- | M] () -- C:\Users\tania\Desktop\Fred Keller letter.odt
[2013/09/20 11:46:16 | 000,010,094 | ---- | M] () -- C:\Users\tania\Desktop\Shuttle Driver Statements.odt
[2013/09/19 15:47:15 | 000,778,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/19 15:47:15 | 000,660,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/19 15:47:15 | 000,121,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/19 15:06:13 | 000,100,320 | ---- | M] () -- C:\Users\tania\Desktop\ORDER RECOVERY DISC.htm
[2013/09/19 00:08:27 | 000,227,081 | ---- | M] () -- C:\Users\tania\Desktop\FIX WIN32 TROJAN.htm
[2013/09/18 23:51:08 | 000,026,383 | ---- | M] () -- C:\Users\tania\Documents\Alpine's Missing $30M 2013.htm
[2013/09/17 20:51:48 | 000,127,092 | ---- | M] () -- C:\Users\tania\Documents\Cirrhosis Death.htm
[2013/09/14 16:26:30 | 000,170,704 | ---- | M] () -- C:\Users\tania\Desktop\Foye's Principles of Medicinal Chemistry -Spiriva & Glaucoma.htm
[2013/09/11 15:05:06 | 000,108,470 | ---- | M] () -- C:\Users\tania\Desktop\NIKON MANUAL.htm
[2013/09/09 19:26:22 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/09/08 18:15:55 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/09/08 17:59:09 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/09/03 12:51:09 | 000,169,443 | ---- | M] () -- C:\Users\tania\Documents\TednStang.jpg
[2013/09/03 12:45:13 | 000,169,156 | ---- | M] () -- C:\Users\tania\Documents\Scan0002.jpg
[2013/09/02 20:31:42 | 000,846,910 | ---- | M] () -- C:\Users\tania\Documents\Stress Prompts Anxiety Because Of Immune Cells Recruited To Brain, Animal Study Shows.htm
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/01 16:14:02 | 000,004,659 | ---- | C] () -- C:\Users\tania\Desktop\erunt(2).search-ms
[2013/10/01 10:20:31 | 000,003,432 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/09/29 17:54:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/20 11:46:16 | 000,013,571 | ---- | C] () -- C:\Users\tania\Desktop\Fred Keller letter.odt
[2013/09/20 11:46:16 | 000,010,094 | ---- | C] () -- C:\Users\tania\Desktop\Shuttle Driver Statements.odt
[2013/09/19 15:06:10 | 000,100,320 | ---- | C] () -- C:\Users\tania\Desktop\ORDER RECOVERY DISC.htm
[2013/09/19 00:08:23 | 000,227,081 | ---- | C] () -- C:\Users\tania\Desktop\FIX WIN32 TROJAN.htm
[2013/09/18 23:51:01 | 000,026,383 | ---- | C] () -- C:\Users\tania\Documents\Alpine's Missing $30M 2013.htm
[2013/09/17 20:51:45 | 000,127,092 | ---- | C] () -- C:\Users\tania\Documents\Cirrhosis Death.htm
[2013/09/14 16:26:27 | 000,170,704 | ---- | C] () -- C:\Users\tania\Desktop\Foye's Principles of Medicinal Chemistry -Spiriva & Glaucoma.htm
[2013/09/11 15:05:04 | 000,108,470 | ---- | C] () -- C:\Users\tania\Desktop\NIKON MANUAL.htm
[2013/09/03 12:51:09 | 000,169,443 | ---- | C] () -- C:\Users\tania\Documents\TednStang.jpg
[2013/09/03 12:45:13 | 000,169,156 | ---- | C] () -- C:\Users\tania\Documents\Scan0002.jpg
[2013/09/02 20:31:33 | 000,846,910 | ---- | C] () -- C:\Users\tania\Documents\Stress Prompts Anxiety Because Of Immune Cells Recruited To Brain, Animal Study Shows.htm
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Home
[2013/08/10 12:27:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Images
[2013/08/10 12:27:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Horn Section
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Helper Scripts
[2013/08/10 12:21:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/08/10 12:21:42 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Icons
[2013/07/09 08:03:25 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/07/08 12:20:01 | 000,000,150 | ---- | C] () -- C:\Users\tania\AppData\Roaming\wklnhst.dat
[2013/07/01 07:54:50 | 000,007,604 | ---- | C] () -- C:\Users\tania\AppData\Local\Resmon.ResmonCfg
[2013/06/26 02:49:50 | 000,003,696 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/25 17:43:19 | 000,000,632 | RHS- | C] () -- C:\Users\tania\ntuser.pol
[2013/05/02 20:27:05 | 000,231,115 | ---- | C] () -- C:\Windows\hpwins23.dat
[2013/04/23 20:52:50 | 000,880,894 | ---- | C] () -- C:\Users\tania\AppData\Local\census.cache
[2013/04/23 20:52:08 | 000,127,111 | ---- | C] () -- C:\Users\tania\AppData\Local\ars.cache
[2013/04/23 20:39:43 | 000,000,036 | ---- | C] () -- C:\Users\tania\AppData\Local\housecall.guid.cache
[2013/03/09 19:03:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/15 09:41:05 | 000,773,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/23 23:29:07 | 000,000,000 | ---- | C] () -- C:\Users\tania\AppData\Local\{97C5227C-4219-42D8-9662-028AA51A8853}
[2011/02/11 15:34:34 | 000,001,854 | ---- | C] () -- C:\Users\tania\AppData\Roaming\GhostObjGAFix.xml
[2010/11/17 23:25:57 | 000,004,096 | -H-- | C] () -- C:\Users\tania\AppData\Local\keyfile3.drm
[2009/03/13 00:16:34 | 000,008,926 | ---- | C] () -- C:\Program Files\Resource.h
[2009/01/24 18:59:36 | 000,038,400 | ---- | C] () -- C:\Program Files\ShellExec.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Allmyapps
[2012/03/05 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Audacity
[2013/04/07 19:38:47 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/09/18 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\DriverCure
[2013/07/15 05:27:01 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Scanner Images
[2013/07/17 12:58:45 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Software
[2013/07/09 06:53:52 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Free PDF to Word Converter
[2013/08/20 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\GetRightToGo
[2012/11/12 03:20:39 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Leadertech
[2013/07/01 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\libimobiledevice
[2013/08/18 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\MyMorph
[2013/09/08 17:59:07 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Nikon
[2013/03/24 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\oCam
[2013/04/13 07:31:26 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Pantech
[2013/09/18 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\ParetoLogic
[2013/03/19 05:27:40 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PC Suite
[2013/10/01 10:18:13 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PCHC
[2012/03/05 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Product_RM
[2013/07/13 01:00:14 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TachoPlus-FreeDriver
[2013/07/13 01:10:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TeamViewer
[2013/07/08 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Template
[2013/06/26 00:51:15 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TuneUp Software
[2013/05/11 12:54:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\WinBatch
[2013/06/11 15:24:27 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Windows Live Writer
[2013/07/06 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Wondershare

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< \md5start >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,634 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/01 02:21:21 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/03/06 19:34:54 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleFortania.job

< explorer.exe >

< winlogon.exe >

< Userinit.exe >

< svchost.exe >

< \md5stop >

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is AC64-2EFE
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\tania
03/31/2010 02:29 PM <JUNCTION> Application Data [C:\Users\tania\AppData\Roaming]
03/31/2010 02:29 PM <JUNCTION> Cookies [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Cookies]
03/31/2010 02:29 PM <JUNCTION> Local Settings [C:\Users\tania\AppData\Local]
03/31/2010 02:29 PM <JUNCTION> My Documents [C:\Users\tania\Documents]
03/31/2010 02:29 PM <JUNCTION> NetHood [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/31/2010 02:29 PM <JUNCTION> PrintHood [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/31/2010 02:29 PM <JUNCTION> Recent [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Recent]
03/31/2010 02:29 PM <JUNCTION> SendTo [C:\Users\tania\AppData\Roaming\Microsoft\Windows\SendTo]
03/31/2010 02:29 PM <JUNCTION> Start Menu [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Start Menu]
03/31/2010 02:29 PM <JUNCTION> Templates [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\tania\AppData\Local
03/31/2010 02:29 PM <JUNCTION> Application Data [C:\Users\tania\AppData\Local]
03/31/2010 02:29 PM <JUNCTION> History [C:\Users\tania\AppData\Local\Microsoft\Windows\History]
03/31/2010 02:29 PM <JUNCTION> Temporary Internet Files [C:\Users\tania\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\tania\Documents
03/31/2010 02:29 PM <JUNCTION> My Music [C:\Users\tania\Music]
03/31/2010 02:29 PM <JUNCTION> My Pictures [C:\Users\tania\Pictures]
03/31/2010 02:29 PM <JUNCTION> My Videos [C:\Users\tania\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
04/29/2013 07:18 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
04/29/2013 07:18 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
04/29/2013 07:18 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
04/29/2013 07:18 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
04/29/2013 07:18 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/29/2013 07:18 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/29/2013 07:18 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
04/29/2013 07:18 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
04/29/2013 07:18 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
04/29/2013 07:18 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
04/29/2013 07:18 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
04/29/2013 07:18 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
04/29/2013 07:18 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
04/29/2013 07:18 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
04/29/2013 07:18 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
04/29/2013 07:18 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
08/10/2013 12:21 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
08/10/2013 12:21 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/10/2013 12:21 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
08/10/2013 12:21 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
08/10/2013 12:21 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
08/10/2013 12:21 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/10/2013 12:21 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
08/10/2013 12:21 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
08/10/2013 12:21 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
08/10/2013 12:21 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
08/10/2013 12:21 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
08/10/2013 12:21 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/10/2013 12:21 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
08/10/2013 12:21 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
08/10/2013 12:21 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
08/10/2013 12:21 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/10/2013 12:21 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
08/10/2013 12:21 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
08/10/2013 12:21 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
08/10/2013 12:21 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
86 Dir(s) 148,570,206,208 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 973 bytes -> C:\Users\tania\Documents\int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
@Alternate Data Stream - 910 bytes -> C:\Users\tania\Documents\Re_ int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
@Alternate Data Stream - 885 bytes -> C:\Users\tania\Documents\[Spokeo Support Center] Re_ Opt-out.eml:OECustomProperty
@Alternate Data Stream - 572 bytes -> C:\Users\tania\Documents\Refund.eml:OECustomProperty
@Alternate Data Stream - 11823 bytes -> C:\Users\tania\Documents\[videossomente] Teens Like It Big - Elaina Rae.eml:OECustomProperty
@Alternate Data Stream - 1091 bytes -> C:\Users\tania\Documents\LinkedIn Network Updates, 6_27_2013.eml:OECustomProperty

< End of report >

#10
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Texred :)

Thanks for the OTL scan. I also need the Extras log as well as the logs from the other tools to be able to carry on. Here's how:


The Extras.txt will be saved in the same location as OTL, which is your Downloads folder. (It should have been saved to your desktop: right-click the OTL icon, select Cut, then right-click your Desktop and select Paste.)


Please run these 2 programs for the other 2 log files:

1. aswMBR

  • Using this link download aswMBR.exe to your desktop.
  • Right-click aswMBR.exe and select Run as Administrator; select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends, click Save Log and save it to your desktop.
  • Post this log in your next reply

2. Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I want to see in your next post.

  • Extras.txt
  • aswMBR.txt
  • checkup.txt



#11
texred

    Member

  • Topic Starter
  • 54 posts
OTL logfile created on: 10/1/2013 4:41:08 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tania\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.67% Memory free
7.93 Gb Paging File | 5.76 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.07 Gb Total Space | 138.37 Gb Free Space | 62.87% Space Free | Partition Type: NTFS
Drive D: | 12.62 Gb Total Space | 2.11 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: TANIA-PC | User Name: tania | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/01 16:33:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tania\Downloads\OTL(1).exe
PRC - [2013/10/01 11:22:23 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/24 14:00:34 | 000,354,608 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\SZScanner.exe
PRC - [2013/09/24 14:00:34 | 000,057,136 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\SZServer.exe
PRC - [2013/09/24 14:00:32 | 000,383,280 | R--- | M] (iS3, Inc.) -- c:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2013/09/24 14:00:32 | 000,244,016 | R--- | M] (iS3 Inc.) -- c:\Program Files (x86)\STOPzilla!\IS3Updater.exe
PRC - [2013/09/10 12:56:41 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/09/02 13:03:12 | 001,360,192 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013/09/02 13:00:36 | 000,807,800 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013/09/02 10:49:18 | 009,161,848 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
PRC - [2013/05/16 09:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/01 11:22:22 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/10 12:56:40 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/02 10:49:18 | 009,161,848 | ---- | M] () -- C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
MOD - [2013/08/15 19:14:29 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/15 15:23:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40b43527d6fdbeb6e905a7b6123f3a42\System.Web.ni.dll
MOD - [2013/08/15 15:23:25 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 15:23:24 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/15 15:23:22 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/15 15:22:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 15:22:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 15:20:58 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 15:19:21 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 15:19:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 03:50:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/27 08:51:58 | 003,888,640 | ---- | M] () -- C:\Program Files (x86)\ZipCloud\MPCBIconOverlays.dll
MOD - [2012/12/18 11:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 11:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 11:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 11:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 11:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 11:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 11:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 11:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 11:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 11:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 11:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 11:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 11:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 11:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 11:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 11:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 11:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 11:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/18 08:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files (x86)\ZipCloud\x86\System.Data.SQLite.dll
MOD - [2009/08/20 14:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 14:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 14:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/01 11:22:22 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/24 14:00:34 | 000,057,136 | R--- | M] (iS3, Inc.) [Auto | Running] -- c:\Program Files (x86)\STOPzilla!\SZServer.exe -- (szserver)
SRV - [2013/09/19 15:56:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 13:00:36 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/12/18 11:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2012/12/07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/24 13:51:44 | 000,082,872 | R--- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2013/09/09 19:26:22 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/04/24 14:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/07 18:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/10/24 19:31:18 | 003,802,112 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/09/18 04:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 15:23:06 | 000,025,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WFPFilter.sys -- (SCWFPFilter)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNOBEX.sys -- (PSMNOBEX)
DRV:64bit: - [2011/10/07 02:35:32 | 000,183,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNVSP.sys -- (PSMNVSP)
DRV:64bit: - [2011/10/07 02:35:30 | 000,183,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNMDM.sys -- (PSMNMDM)
DRV:64bit: - [2011/10/07 02:35:30 | 000,102,784 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSMNBUS.sys -- (PSMNBUS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/21 18:07:33 | 000,102,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swiwdmbusx64.sys -- (swiwdmbus)
DRV:64bit: - [2010/06/21 17:51:29 | 000,210,944 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3)
DRV:64bit: - [2010/06/21 17:51:01 | 000,240,640 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 16:55:54 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpGmb001.sys -- (HpGmb001)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{758773B2-006B-40D7-A1CA-F7F4699FB5D6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{75C2B350-05F2-40AF-8A81-832457E761D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes,DefaultScope = {220117E9-BE54-4F78-93A1-0C5A24D78E20}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}: "URL" = http://websearch.ask...53-791FB6E0B4C2
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896

IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes,DefaultScope = {220117E9-BE54-4F78-93A1-0C5A24D78E20}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{220117E9-BE54-4F78-93A1-0C5A24D78E20}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{BD37D5D9-48D6-405F-963E-3143A886D19D}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\SearchScopes\{F8210686-6ADB-46B0-B312-807299324CC5}: "URL" = http://websearch.ask...53-791FB6E0B4C2
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
IE - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Startpage HTTPS"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.protopage...om/siempresola"
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: omnibar%40ajitk.com:0.7.19.20130418
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.0.26224
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://google/ig"
FF - prefs.js..searchreset.backup.keyword.URL: "http://search.mywebs...wUQ&searchfor="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\5.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 11:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/01 11:22:15 | 000,000,000 | ---D | M]

[2010/07/25 14:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Extensions
[2013/09/28 19:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions
[2013/09/27 13:24:20 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\j5oh9g3x.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2013/09/26 16:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\Firefox\Profiles\sa3frivy.default-1380226944373\extensions
[2013/09/28 19:33:35 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/27 13:24:18 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/27 13:22:10 | 000,096,236 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\[email protected]
[2013/09/28 19:30:44 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/27 13:24:18 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/09/28 19:31:39 | 000,700,980 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\j5oh9g3x.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/09/26 16:50:30 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/09/26 16:44:58 | 000,096,236 | ---- | M] () (No name found) -- C:\Users\tania\AppData\Roaming\mozilla\firefox\profiles\sa3frivy.default-1380226944373\extensions\[email protected]
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/10/01 11:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/01 11:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/01 11:22:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/27 01:37:35 | 000,427,261 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14713 more lines...
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [] File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\Run: [SkyDrive] "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64" File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64" File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004..\RunOnce: [Uninstall C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\tania\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_2\amd64" File not found
O4 - Startup: C:\Users\tania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZipCloud.lnk = C:\Program Files (x86)\ZipCloud\ZipCloud.exe (ZipCloud.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple ([]* in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: apple.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKU\S-1-5-21-485409517-1736587146-2298806430-1004\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31A9FD8-AC1A-4B36-BDF2-638DA9579CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{acf95276-91f3-11e0-8467-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-485409517-1736587146-2298806430-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/01 16:08:49 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\erunt(2)
[2013/10/01 16:01:22 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\erunt
[2013/10/01 11:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/29 17:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/29 17:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/29 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/29 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/29 13:27:15 | 000,047,496 | R--- | C] (GFI Software) -- C:\Windows\SysNative\SBBD.EXE
[2013/09/29 13:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2013/09/26 15:22:31 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\Old Firefox Data
[2013/09/24 13:51:44 | 000,082,872 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2013/09/24 13:51:38 | 000,074,768 | R--- | C] (iS3 Inc.) -- C:\Windows\SysWow64\drivers\SZKG64.sys
[2013/09/24 13:51:38 | 000,074,768 | R--- | C] (iS3 Inc.) -- C:\Windows\SysWow64\drivers\is3srv64.sys
[2013/09/20 11:57:07 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\riverinsurance
[2013/09/20 11:56:26 | 000,000,000 | ---D | C] -- C:\Users\tania\Desktop\River
[2013/09/18 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\tania\AppData\Roaming\ParetoLogic
[2013/09/18 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\tania\AppData\Roaming\DriverCure
[2013/09/18 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/09/17 14:02:53 | 000,000,000 | ---D | C] -- C:\ae16f029416365a3a54a680c64d680
[2013/09/02 20:31:33 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\Stress Prompts Anxiety Because Of Immune Cells Recruited To Brain, Animal Study Shows_files
[2013/09/02 18:43:29 | 000,000,000 | ---D | C] -- C:\Users\tania\Documents\Diana Nyad completes epic 110-mile Cuba-to-Florida swim at age 64, without shark cage _ Fox News_files
[2009/04/02 23:53:18 | 001,611,776 | ---- | C] (Alex Feinman) -- C:\Program Files\ISORecorder.dll
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/01 16:34:37 | 000,003,432 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/10/01 16:14:03 | 000,004,659 | ---- | M] () -- C:\Users\tania\Desktop\erunt(2).search-ms
[2013/10/01 16:01:41 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2013/10/01 15:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/01 15:48:22 | 000,002,044 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/10/01 12:51:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 10:27:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 10:27:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 10:19:27 | 421,693,688 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/01 10:19:24 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/29 17:54:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/29 14:12:23 | 000,001,130 | ---- | M] () -- C:\Users\tania\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2013/09/29 14:12:23 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013/09/28 20:41:07 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortania.job
[2013/09/24 13:51:44 | 000,082,872 | R--- | M] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2013/09/24 13:51:44 | 000,047,496 | R--- | M] (GFI Software) -- C:\Windows\SysNative\SBBD.EXE
[2013/09/24 13:51:38 | 000,074,768 | R--- | M] (iS3 Inc.) -- C:\Windows\SysWow64\drivers\SZKG64.sys
[2013/09/24 13:51:38 | 000,074,768 | R--- | M] (iS3 Inc.) -- C:\Windows\SysWow64\drivers\is3srv64.sys
[2013/09/21 21:19:15 | 000,437,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/20 11:46:16 | 000,013,571 | ---- | M] () -- C:\Users\tania\Desktop\Fred Keller letter.odt
[2013/09/20 11:46:16 | 000,010,094 | ---- | M] () -- C:\Users\tania\Desktop\Shuttle Driver Statements.odt
[2013/09/19 15:47:15 | 000,778,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/19 15:47:15 | 000,660,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/19 15:47:15 | 000,121,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/19 15:06:13 | 000,100,320 | ---- | M] () -- C:\Users\tania\Desktop\ORDER RECOVERY DISC.htm
[2013/09/19 00:08:27 | 000,227,081 | ---- | M] () -- C:\Users\tania\Desktop\FIX WIN32 TROJAN.htm
[2013/09/18 23:51:08 | 000,026,383 | ---- | M] () -- C:\Users\tania\Documents\Alpine's Missing $30M 2013.htm
[2013/09/17 20:51:48 | 000,127,092 | ---- | M] () -- C:\Users\tania\Documents\Cirrhosis Death.htm
[2013/09/14 16:26:30 | 000,170,704 | ---- | M] () -- C:\Users\tania\Desktop\Foye's Principles of Medicinal Chemistry -Spiriva & Glaucoma.htm
[2013/09/11 15:05:06 | 000,108,470 | ---- | M] () -- C:\Users\tania\Desktop\NIKON MANUAL.htm
[2013/09/09 19:26:22 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/09/08 18:15:55 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/09/08 17:59:09 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/09/03 12:51:09 | 000,169,443 | ---- | M] () -- C:\Users\tania\Documents\TednStang.jpg
[2013/09/03 12:45:13 | 000,169,156 | ---- | M] () -- C:\Users\tania\Documents\Scan0002.jpg
[2013/09/02 20:31:42 | 000,846,910 | ---- | M] () -- C:\Users\tania\Documents\Stress Prompts Anxiety Because Of Immune Cells Recruited To Brain, Animal Study Shows.htm
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/01 16:14:02 | 000,004,659 | ---- | C] () -- C:\Users\tania\Desktop\erunt(2).search-ms
[2013/10/01 10:20:31 | 000,003,432 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2013/09/29 17:54:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/20 11:46:16 | 000,013,571 | ---- | C] () -- C:\Users\tania\Desktop\Fred Keller letter.odt
[2013/09/20 11:46:16 | 000,010,094 | ---- | C] () -- C:\Users\tania\Desktop\Shuttle Driver Statements.odt
[2013/09/19 15:06:10 | 000,100,320 | ---- | C] () -- C:\Users\tania\Desktop\ORDER RECOVERY DISC.htm
[2013/09/19 00:08:23 | 000,227,081 | ---- | C] () -- C:\Users\tania\Desktop\FIX WIN32 TROJAN.htm
[2013/09/18 23:51:01 | 000,026,383 | ---- | C] () -- C:\Users\tania\Documents\Alpine's Missing $30M 2013.htm
[2013/09/17 20:51:45 | 000,127,092 | ---- | C] () -- C:\Users\tania\Documents\Cirrhosis Death.htm
[2013/09/14 16:26:27 | 000,170,704 | ---- | C] () -- C:\Users\tania\Desktop\Foye's Principles of Medicinal Chemistry -Spiriva & Glaucoma.htm
[2013/09/11 15:05:04 | 000,108,470 | ---- | C] () -- C:\Users\tania\Desktop\NIKON MANUAL.htm
[2013/09/03 12:51:09 | 000,169,443 | ---- | C] () -- C:\Users\tania\Documents\TednStang.jpg
[2013/09/03 12:45:13 | 000,169,156 | ---- | C] () -- C:\Users\tania\Documents\Scan0002.jpg
[2013/09/02 20:31:33 | 000,846,910 | ---- | C] () -- C:\Users\tania\Documents\Stress Prompts Anxiety Because Of Immune Cells Recruited To Brain, Animal Study Shows.htm
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2013/08/10 12:27:28 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Home
[2013/08/10 12:27:28 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Images
[2013/08/10 12:27:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Horn Section
[2013/08/10 12:21:42 | 000,000,268 | RH-- | C] () -- C:\Users\tania\AppData\Roaming\Helper Scripts
[2013/08/10 12:21:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2013/08/10 12:21:42 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Icons
[2013/07/09 08:03:25 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2013/07/08 12:20:01 | 000,000,150 | ---- | C] () -- C:\Users\tania\AppData\Roaming\wklnhst.dat
[2013/07/01 07:54:50 | 000,007,604 | ---- | C] () -- C:\Users\tania\AppData\Local\Resmon.ResmonCfg
[2013/06/26 02:49:50 | 000,003,696 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/25 17:43:19 | 000,000,632 | RHS- | C] () -- C:\Users\tania\ntuser.pol
[2013/05/02 20:27:05 | 000,231,115 | ---- | C] () -- C:\Windows\hpwins23.dat
[2013/04/23 20:52:50 | 000,880,894 | ---- | C] () -- C:\Users\tania\AppData\Local\census.cache
[2013/04/23 20:52:08 | 000,127,111 | ---- | C] () -- C:\Users\tania\AppData\Local\ars.cache
[2013/04/23 20:39:43 | 000,000,036 | ---- | C] () -- C:\Users\tania\AppData\Local\housecall.guid.cache
[2013/03/09 19:03:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/15 09:41:05 | 000,773,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/23 23:29:07 | 000,000,000 | ---- | C] () -- C:\Users\tania\AppData\Local\{97C5227C-4219-42D8-9662-028AA51A8853}
[2011/02/11 15:34:34 | 000,001,854 | ---- | C] () -- C:\Users\tania\AppData\Roaming\GhostObjGAFix.xml
[2010/11/17 23:25:57 | 000,004,096 | -H-- | C] () -- C:\Users\tania\AppData\Local\keyfile3.drm
[2009/03/13 00:16:34 | 000,008,926 | ---- | C] () -- C:\Program Files\Resource.h
[2009/01/24 18:59:36 | 000,038,400 | ---- | C] () -- C:\Program Files\ShellExec.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Allmyapps
[2012/03/05 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Audacity
[2013/04/07 19:38:47 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/09/18 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\DriverCure
[2013/07/15 05:27:01 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Scanner Images
[2013/07/17 12:58:45 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Foxit Software
[2013/07/09 06:53:52 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Free PDF to Word Converter
[2013/08/20 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\GetRightToGo
[2012/11/12 03:20:39 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Leadertech
[2013/07/01 06:47:23 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\libimobiledevice
[2013/08/18 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\MyMorph
[2013/09/08 17:59:07 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Nikon
[2013/03/24 23:29:05 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\oCam
[2013/04/13 07:31:26 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Pantech
[2013/09/18 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\ParetoLogic
[2013/03/19 05:27:40 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PC Suite
[2013/10/01 10:18:13 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\PCHC
[2012/03/05 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Product_RM
[2013/07/13 01:00:14 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TachoPlus-FreeDriver
[2013/07/13 01:10:58 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TeamViewer
[2013/07/08 12:20:04 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Template
[2013/06/26 00:51:15 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\TuneUp Software
[2013/05/11 12:54:22 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\WinBatch
[2013/06/11 15:24:27 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Windows Live Writer
[2013/07/06 15:51:49 | 000,000,000 | ---D | M] -- C:\Users\tania\AppData\Roaming\Wondershare

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< \md5start >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,634 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/01 02:21:21 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/03/06 19:34:54 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleFortania.job

< explorer.exe >

< winlogon.exe >

< Userinit.exe >

< svchost.exe >

< \md5stop >

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is AC64-2EFE
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\tania
03/31/2010 02:29 PM <JUNCTION> Application Data [C:\Users\tania\AppData\Roaming]
03/31/2010 02:29 PM <JUNCTION> Cookies [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Cookies]
03/31/2010 02:29 PM <JUNCTION> Local Settings [C:\Users\tania\AppData\Local]
03/31/2010 02:29 PM <JUNCTION> My Documents [C:\Users\tania\Documents]
03/31/2010 02:29 PM <JUNCTION> NetHood [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/31/2010 02:29 PM <JUNCTION> PrintHood [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/31/2010 02:29 PM <JUNCTION> Recent [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Recent]
03/31/2010 02:29 PM <JUNCTION> SendTo [C:\Users\tania\AppData\Roaming\Microsoft\Windows\SendTo]
03/31/2010 02:29 PM <JUNCTION> Start Menu [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Start Menu]
03/31/2010 02:29 PM <JUNCTION> Templates [C:\Users\tania\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\tania\AppData\Local
03/31/2010 02:29 PM <JUNCTION> Application Data [C:\Users\tania\AppData\Local]
03/31/2010 02:29 PM <JUNCTION> History [C:\Users\tania\AppData\Local\Microsoft\Windows\History]
03/31/2010 02:29 PM <JUNCTION> Temporary Internet Files [C:\Users\tania\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\tania\Documents
03/31/2010 02:29 PM <JUNCTION> My Music [C:\Users\tania\Music]
03/31/2010 02:29 PM <JUNCTION> My Pictures [C:\Users\tania\Pictures]
03/31/2010 02:29 PM <JUNCTION> My Videos [C:\Users\tania\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
04/29/2013 07:18 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
04/29/2013 07:18 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
04/29/2013 07:18 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
04/29/2013 07:18 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
04/29/2013 07:18 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/29/2013 07:18 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/29/2013 07:18 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
04/29/2013 07:18 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
04/29/2013 07:18 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
04/29/2013 07:18 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
04/29/2013 07:18 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
04/29/2013 07:18 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
04/29/2013 07:18 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
04/29/2013 07:18 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
04/29/2013 07:18 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
04/29/2013 07:18 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
08/10/2013 12:21 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
08/10/2013 12:21 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/10/2013 12:21 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
08/10/2013 12:21 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
08/10/2013 12:21 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
08/10/2013 12:21 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/10/2013 12:21 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
08/10/2013 12:21 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
08/10/2013 12:21 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
08/10/2013 12:21 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
08/10/2013 12:21 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
08/10/2013 12:21 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/10/2013 12:21 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
08/10/2013 12:21 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
08/10/2013 12:21 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
08/10/2013 12:21 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/10/2013 12:21 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
08/10/2013 12:21 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
08/10/2013 12:21 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
08/10/2013 12:21 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
86 Dir(s) 148,570,206,208 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 973 bytes -> C:\Users\tania\Documents\int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
@Alternate Data Stream - 910 bytes -> C:\Users\tania\Documents\Re_ int intelius cm Has Not Responded_ Next Step___.eml:OECustomProperty
@Alternate Data Stream - 885 bytes -> C:\Users\tania\Documents\[Spokeo Support Center] Re_ Opt-out.eml:OECustomProperty
@Alternate Data Stream - 572 bytes -> C:\Users\tania\Documents\Refund.eml:OECustomProperty
@Alternate Data Stream - 11823 bytes -> C:\Users\tania\Documents\[videossomente] Teens Like It Big - Elaina Rae.eml:OECustomProperty
@Alternate Data Stream - 1091 bytes -> C:\Users\tania\Documents\LinkedIn Network Updates, 6_27_2013.eml:OECustomProperty

< End of report >

#12
texred


    Member

  • Topic Starter
  • Member
  • 54 posts
I have these logs on desktop. Opened, selected all, copied, and pasted to reply. Obviously I did something wrong for the second time just now. Will send the rest tomorrow. Sorry

#13
Nutloaf


    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello Texred, don't worry, we will get there O.K. :thumbsup:

The OTL scan I gave you produces 2 text files, OTL.txt and Extras.txt. You posted the OTL.txt; I need the Extras.txt.

Copy and paste the logs one at a time. Let me know if you're in any difficulty; it's no problem, that's why we're here. :)

#14
texred


    Member

  • Topic Starter
  • Member
  • 54 posts
OTL Extras logfile created on: 10/1/2013 4:41:08 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tania\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.67% Memory free
7.93 Gb Paging File | 5.76 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.07 Gb Total Space | 138.37 Gb Free Space | 62.87% Space Free | Partition Type: NTFS
Drive D: | 12.62 Gb Total Space | 2.11 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: TANIA-PC | User Name: tania | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe" = C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe" = C:\Program Files (x86)\AT&T\AT&T Communication Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D22977-8507-424C-8A17-D2F136884D61}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19B7422F-D32B-4769-AC65-5D9A07113C13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1B679504-B471-4859-B51A-7E2E8AB0449B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{231C7941-8D7E-410F-87C9-82338E236054}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{32BAACD3-32EF-4ECF-A7D5-5CF235756C1B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3E0946E0-EC6D-491A-B19D-ACDC51C6B8BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E240940-8AF5-4369-99BE-3AF92F424E0E}" = lport=137 | protocol=17 | dir=in | app=system |
"{444A94B3-8D64-428D-895B-748EDE686CDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F70DB64-5D03-4B67-86FE-93381D6BA12B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51B4293C-707E-44F9-BB40-D58BEC0C54A5}" = lport=138 | protocol=17 | dir=in | app=system |
"{55E77728-A848-4DA1-A898-4B546A82DE3A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{59B33C00-0009-43D7-A10C-8D29C689BC9C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5EC292D6-EF78-4C9B-97CB-4D30003FFAF8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{6078CBB2-930C-4DD3-8756-ADA0AD149D1E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68E35F12-36D8-4B76-BB30-B8A3414386D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{795A5050-6EA8-4116-AEC5-CA51DCC361E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{8333FAF2-8C5C-40CD-9E76-1940AD0BBDEC}" = rport=137 | protocol=17 | dir=out | app=system |
"{88BD9CC7-2FB4-4548-BFE2-E992A600CCB5}" = rport=139 | protocol=6 | dir=out | app=system |
"{8D73270A-61BA-4F2F-BCB4-FD67F7C2CE78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{996D0AE5-E09E-49B8-8A94-861459B78A03}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FD17D05-A57A-4ACF-ABF9-184B793473FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A57C5382-3D4A-42A4-A735-224CDDD04ACC}" = rport=445 | protocol=6 | dir=out | app=system |
"{B687CE64-192F-4072-9CD6-339BD05DFB6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D290ED12-6118-4707-A012-5676955B0BD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E14B5DF1-8ECD-4D9F-A1A8-EF6BCFBDFE89}" = rport=138 | protocol=17 | dir=out | app=system |
"{E25F8E06-1893-4777-9C12-460A364CC3F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E30315C3-09FC-4690-877B-D1BD2779613A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7DCD48F-CC07-4B9A-9243-47B78632AE9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8B93DE6-D512-45AB-BB5B-E20B8EC93477}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FAADF23A-F1E6-4FAF-9488-C9917538BF87}" = lport=139 | protocol=6 | dir=in | app=system |
"{FCFD8156-B0D0-4CD8-BA30-976C1C3649AE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DA8DD2-1DC8-47EB-AA00-12E7611002CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{079C7EEF-FBB5-45C0-9536-5BF702E0AF56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0DE519FC-416A-4883-917B-4E8D37F8594D}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{1282ED57-A240-4B83-A8E2-85974F093252}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{1ACA8EBE-542F-4885-9A4C-53E8A6825FC6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2051BA31-8101-4631-A3C5-95E8CF518F11}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2CE01CC7-B43B-41C7-A907-91B6019353E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BF49DBF-8A8E-4C39-AC87-59FAF1634ADB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3CA3E24A-1334-4F09-806A-950E4B0ACA0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{4C2CA8CE-10C6-4CAB-86A5-7A057345DBBE}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{4FF07148-9EA9-4926-90C8-E8F16B2573DD}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{5113C970-F28F-4C91-9192-C075982BDF7F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{551B50CC-CD61-465D-A07D-D33A2691166E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{58C898B9-6414-4E3F-AF61-7DEDE3075A76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F58D704-2B83-4542-B41B-E61A1D0F1154}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{6A63085D-90E4-4F71-83DD-926655D4F617}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6EC6AC8C-7A34-4326-8146-EFF73F2064E6}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{6F30992D-E162-431F-B80B-55A37E020C9F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{70AB5E97-6C72-41A0-8F45-7D309F204460}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{71320B6C-0D74-4392-817F-A7E6AA224552}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicatorcom.exe |
"{716E2D50-7845-4E52-BFF4-2F5D4A6CABDC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{74C3D475-C7E0-434A-A532-03C7A6C9764F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{811BB674-87CE-419F-A2DF-CC20AC56DBB0}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{840F6442-D544-4085-BBFB-DE44E3BD435A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8721F6F4-B8C1-49E3-AD50-7221CC42C16F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{898203C8-7B45-45D0-8488-6671B04E0CFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8D1E75E9-77F3-4B6F-9456-81E0A26DFEE0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{91BFB889-32BE-41E0-A11D-12CD43001D3A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{91E565AD-34DB-476D-8575-5B02F2759DC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91EAAEA5-7911-489E-A72D-F86E9803759F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{964A187E-6765-459D-8552-325991F38829}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\digitalwizards.exe |
"{9C1F085B-010E-4385-A23C-2C288ADC37CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9FF70D23-3565-492D-B4D8-4A7B756E7193}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A125A3FA-70E0-403E-B9CC-64660C301C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A51641AE-DFF2-4745-AE81-B509B4D39074}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{AD0610BB-AA16-4FCA-8F5D-D6E2D0460687}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{BC5FE5CC-5DDE-4754-A9E1-04ED2E3FB9DF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{C60E822C-235B-4760-8082-96BCA5304AE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CF43AE2E-6DC6-4009-A4E5-3EB5ED25E96B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D07DCECB-0A99-4B4C-8711-BD67FF0CDF21}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{DC437AB5-1917-4B82-9B3B-9DB010F413DB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E189F8D3-271A-4F62-9912-20786F5AFAD1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2C2E88D-8A81-4E90-9C37-B7598705B647}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{E60CC266-DBDE-486B-8634-259EC29992F3}" = protocol=6 | dir=out | app=system |
"{E83B6318-C98F-4309-8094-2D9207CF6794}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F0ECFE45-59A1-44D1-98D3-90DE5E9249C1}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{F0FE234D-76A4-4591-95E1-EBF611775CC9}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\sendafax.exe |
"{F2605454-BFD8-44BA-A9CE-CAEC9626D3C8}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\faxapplications.exe |
"{F379C8EE-7897-446B-80D1-E6697BA9E222}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F414B445-8ADA-4DB6-8E7B-5FD67A1245D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8AD4F06-1072-41C6-A9FD-CEF02492AD56}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FDDB3E3C-A560-4930-A71C-E4779C2B985F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{A766119E-1736-4E32-B50D-6F547B0E6E84}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe |
"TCP Query User{D485BB95-7341-4381-924D-E5FB772D6325}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{835DD30E-A4A4-4B18-B462-FBA1A19C3473}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{B9F0C972-A13B-4130-A253-70F2BDACD1C1}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{19E88D03-44D4-46aa-9F3C-D6CFC035BFE6}" = Pantech Android USB Driver Ver1
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{22FCD3B0-CAA7-444A-84AC-75716545EAB9}" = HP Officejet 6500 E710a-f Basic Device Software
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4945F319-A24D-454C-A411-F3689987315D}" = HP OfficeJet J4600 All-In-One Series
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F3591D0-074B-4F7B-A269-39FE61C9CB5C}" = HP Officejet 6500 E710a-f Product Improvement Study
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F4D304D9-7647-4253-957E-44286B8631F4}" = HP Unified IO
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383
"Logitech Unifying" = Logitech Unifying Software 2.10
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Perfect Uninstaller_is1" = Perfect Uninstaller
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZipCloud" = ZipCloud

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02386A56-080B-485c-941D-AF96B29140DD}_is1" = 7-Data Recovery Suite version 2.2
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{14CF9AF8-10A6-4FA7-9E57-D22DBD644C77}" = HP Unified IO
"{15619017-86DB-49F8-AD97-DC1BC616502E}" = ProductContext
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}" = HP ePrint
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39A13F18-2AA2-4AB2-B7E3-5D356BCD48F7}" = AT&T Communication Manager
"{3B540E44-8382-4899-B481-1E2E02E38F3E}" = 4660_4680_Help
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{4845A5C1-7652-4D4C-9EC4-D4629F0A9F1A}" = STOPzilla
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5B7F33B3-C72C-4408-8AF9-B855775F51DB}" = Picasa Web Albums Live Publisher
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6901730F-0385-49D1-B858-A7DBEB6ACE6F}_is1" = 7-Data Card Recovery version 1.1
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8A9FC225-75F6-4B5D-911C-0ED230565643}" = HP Product Detection
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A0E4FA1B-AE47-4B2F-8DDA-4FCE2792783D}" = AT&T Support Plus PC Maintenance Toolbox
"{AA8B2587-7198-44E6-858D-20EA0E833C9D}" = HP Wireless Comfort Mobile Mouse
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D7D3E265-119C-4EFD-BB43-BEAF464FC969}" = J4680
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC7FE03D-239A-4E36-9907-0E327922D2A2}" = bpd_scan
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AT&T Support Plus PC Maintenance Toolbox" = AT&T Support Plus PC Maintenance Toolbox
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Belarc Advisor" = Belarc Advisor 8.1
"Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 8.8.8.8
"Foxit Reader_is1" = Foxit Reader
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"oCam_is1" = oCam version 10.0.0.0
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.95
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-485409517-1736587146-2298806430-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/26/2013 8:05:50 PM | Computer Name = tania-PC | Source = VSS | ID = 8193
Description =

Error - 9/29/2013 12:49:46 PM | Computer Name = tania-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/29/2013 12:49:48 PM | Computer Name = tania-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 49543687

Error - 9/29/2013 12:49:48 PM | Computer Name = tania-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 49543687

Error - 9/29/2013 2:28:48 PM | Computer Name = tania-PC | Source = System Restore | ID = 8193
Description =

Error - 9/30/2013 8:05:24 PM | Computer Name = tania-PC | Source = VSS | ID = 22
Description =

Error - 9/30/2013 8:05:24 PM | Computer Name = tania-PC | Source = VSS | ID = 8193
Description =

Error - 10/1/2013 1:51:33 PM | Computer Name = tania-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/1/2013 1:51:33 PM | Computer Name = tania-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2764306

Error - 10/1/2013 1:51:33 PM | Computer Name = tania-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2764306

Error - 10/1/2013 5:00:54 PM | Computer Name = tania-PC | Source = System Restore | ID = 8193
Description =

[ Hewlett-Packard Events ]
Error - 11/21/2012 8:34:41 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/21/2012 8:34:41 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/21/2012 8:34:42 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/21/2012 8:34:43 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/21/2012 8:34:44 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/21/2012 8:34:46 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/21/2012 8:34:55 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/21/2012 8:35:06 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/21/2012 8:35:13 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/21/2012 8:39:10 PM | Computer Name = tania-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
4062 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

[ System Events ]
Error - 10/1/2013 11:17:34 AM | Computer Name = tania-PC | Source = PNRPSvc | ID = 102
Description =

Error - 10/1/2013 11:17:34 AM | Computer Name = tania-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 10/1/2013 11:17:35 AM | Computer Name = tania-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 10/1/2013 11:17:40 AM | Computer Name = tania-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv SBRE

Error - 10/1/2013 11:19:36 AM | Computer Name = tania-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/1/2013 11:20:03 AM | Computer Name = tania-PC | Source = PNRPSvc | ID = 102
Description =

Error - 10/1/2013 11:20:03 AM | Computer Name = tania-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 10/1/2013 11:20:06 AM | Computer Name = tania-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 10/1/2013 11:20:17 AM | Computer Name = tania-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv SBRE

Error - 10/1/2013 11:21:12 AM | Computer Name = tania-PC | Source = DCOM | ID = 10016
Description =


< End of report >
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-01 17:15:20
-----------------------------
17:15:20.078 OS Version: Windows x64 6.1.7601 Service Pack 1
17:15:20.078 Number of processors: 2 586 0x170A
17:15:20.078 ComputerName: TANIA-PC UserName: tania
17:15:21.030 Initialize success
17:17:14.552 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:17:14.552 Disk 0 Vendor: Hitachi_HTS725025A9A364 PC2OC72E Size: 238475MB BusType: 11
17:17:14.645 Disk 0 MBR read successfully
17:17:14.645 Disk 0 MBR scan
17:17:14.661 Disk 0 unknown MBR code
17:17:14.661 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:17:14.661 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225350 MB offset 409600
17:17:14.708 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12924 MB offset 461926400
17:17:14.739 Disk 0 scanning C:\Windows\system32\drivers
17:17:22.648 Service scanning
17:17:42.155 Modules scanning
17:17:42.155 Disk 0 trace - called modules:
17:17:42.186 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:17:42.186 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d0c060]
17:17:42.202 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004b59520]
17:17:42.202 5 ACPI.sys[fffff88000f1a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b55680]
17:17:42.217 Scan finished successfully
17:18:16.399 Disk 0 MBR has been saved successfully to "C:\Users\tania\Desktop\MBR.dat"
17:18:16.415 The log file has been saved successfully to "C:\Users\tania\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
STOPzilla
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#15
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Good job and thanks. It will take some time to go over these logs so bear with me and I will post soon. :thumbsup: