HELP with bloodhound.sonar.1



#1
flipperdreams

I need help removing this virus from my computer. I am using Windows 7. Using Symantec Norton Antivirus, it says the infected file is winnetprofm, it quarantines it, says to restart the computer, but it pops back up. From my research in trying to remove the virus it says that the longer it stays the more harm it does to your computer. I have a lot of important business files and really need help.


#2
tom982

Hello flipperdreams and welcome!

My name is Tom and I am going to be helping you with your malware removal. Please note that, as I am currently still in training, all of my posts have to be reviewed by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

  • Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo. I suggest you save or print my instructions for later reference
  • Please do not attach your logs to your post; instead, I would like you to copy and paste the contents into your post
  • Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
  • If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
  • Please be patient. Malware removal is a long process and requires many steps. If you stick with me, I'll help you get through this
  • Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
  • Please make sure you have read and understood my instructions before continuing with them; spelling errors in the scripts etc. could cause adverse effects to your system
  • If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed

OTL

Please download OTL (by OldTimer) from the link below and save it to your Desktop.

Download Mirror #1


  • Disable all anti-virus and anti-malware software to prevent them inhibiting OTL in any way. If you are unsure how to do this, see THIS.
  • Double-click OTL.exe to run it.
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, two logs, OTL.txt and Extras.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

GMER

Please download GMER from one of the following locations and save it to your desktop:


  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer

  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:

    • IAT/EAT
    • Show All <<< Important

  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:

  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

Tom

#3
flipperdreams

Ok, Thanks...When I get done I will post

#4
flipperdreams

OTL logfile created on: 10/6/2013 8:23:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Flip Dreams\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.91 Gb Total Physical Memory | 12.57 Gb Available Physical Memory | 78.97% Memory free
31.82 Gb Paging File | 27.88 Gb Available in Paging File | 87.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.60 Gb Total Space | 23.59 Gb Free Space | 21.14% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 298.09 Gb Total Space | 5.13 Gb Free Space | 1.72% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 246.53 Gb Free Space | 52.93% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 32.10 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
Drive H: | 38.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: HME-WIN7 | User Name: Flip Dreams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/06 19:47:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flip Dreams\Desktop\OTL.exe
PRC - [2013/10/03 06:48:33 | 000,831,488 | ---- | M] () -- C:\Windows\SysWOW64\wnetprof.exe
PRC - [2013/10/02 17:40:19 | 000,726,016 | ---- | M] () -- C:\Windows\SysWOW64\drivers\BleServicesCtrl.exe
PRC - [2013/09/02 09:32:59 | 003,233,806 | ---- | M] () -- C:\Program Files (x86)\Tor\tor.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/27 04:39:24 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2012/11/21 04:50:00 | 008,443,832 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2012/11/21 04:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012/08/15 23:50:36 | 000,848,384 | ---- | M] (Tobias Erichsen) -- F:\Program Files\Loop Midi\loopMIDI.exe
PRC - [2012/06/29 09:59:30 | 008,180,224 | ---- | M] () -- F:\Program Files\xampp\mysql\bin\mysqld.exe
PRC - [2012/06/06 08:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- F:\Program Files\xampp\apache\bin\httpd.exe
PRC - [2012/04/28 18:28:24 | 000,397,848 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/18 12:08:52 | 000,081,920 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/09 03:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/05/19 16:39:18 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/19 16:39:14 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/01/12 22:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2010/11/20 23:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009/10/01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- F:\Program Files\norton ghost\Agent\VProSvc.exe
PRC - [2009/10/01 21:32:04 | 002,596,712 | ---- | M] (Symantec Corporation) -- F:\Program Files\norton ghost\Agent\VProTray.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 19:55:12 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/09/17 19:48:36 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2009/07/29 15:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWOW64\MAFWTray.exe
PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:04 | 013,611,984 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/09/13 03:00:48 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/13 03:00:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 16:57:20 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d52b8823da05f910389b3d26bfe654c6\IAStorUtil.ni.dll
MOD - [2013/08/14 16:32:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/14 16:32:07 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 16:32:01 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/14 16:31:59 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 16:31:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/14 16:31:57 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b7efa6bd9a31c0603f0ac19dbde7cff3\System.Configuration.ni.dll
MOD - [2013/07/11 16:53:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\41a3bd6011f301f808fac8eb53993206\IAStorCommon.ni.dll
MOD - [2013/07/11 16:50:28 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 19:31:30 | 008,865,448 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/01/18 02:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/02 00:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/02 00:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/02 00:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/02 00:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/02 00:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/12 21:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 21:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/04/22 17:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 19:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 18:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 18:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 18:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 18:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 18:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 18:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 18:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 18:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 18:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/03 06:48:33 | 000,831,488 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\wnetprof.exe -- (winnetprofm)
SRV - [2013/10/02 17:40:19 | 000,726,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe -- (bthsrv)
SRV - [2013/09/02 09:32:59 | 003,233,806 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tor\tor.exe -- (tor)
SRV - [2013/03/27 04:39:24 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/21 04:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012/10/23 21:41:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/29 09:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- F:\Program Files\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012/06/06 08:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- F:\Program Files\xampp\apache\bin\httpd.exe -- (apache2.4)
SRV - [2012/04/28 18:28:24 | 000,397,848 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/18 12:08:52 | 000,081,920 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/08/18 12:02:56 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2011/07/09 03:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/05/19 16:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\Program Files\norton ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009/09/21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- F:\Program Files\norton ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- F:\Program Files\norton ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:37:56 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:22:16 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/29 20:02:21 | 000,090,624 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2013/04/15 05:50:30 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/10/05 01:33:02 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012/08/15 23:41:38 | 000,030,208 | ---- | M] (Tobias Erichsen) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teVirtualMIDI64.sys -- (teVirtualMIDI64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 12:38:25 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:64bit: - [2012/02/18 20:32:55 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/06/28 18:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/06/02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/23 06:17:06 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 18:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 07:45:54 | 000,023,344 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009/09/21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/09/17 19:37:52 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2009/08/25 21:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/25 21:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/08/25 21:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/29 15:28:24 | 000,231,944 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mafw.sys -- (MAFW)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 15:31:34 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2013/08/28 04:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131006.004\ex64.sys -- (NAVEX15)
DRV - [2013/08/28 04:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131006.004\eng64.sys -- (NAVENG)
DRV - [2013/08/27 04:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 04:00:00 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 21:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD FE 3C 99 54 F0 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "allhiphop.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.9.2
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.19.0.3
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: F:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Flip Dreams\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Flip Dreams\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: F:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/27 13:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/26 18:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/26 18:27:03 | 000,000,000 | ---D | M]

[2012/02/18 22:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Extensions
[2013/07/26 01:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Firefox\Profiles\svmuwpba.default\extensions
[2013/07/26 01:21:27 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Firefox\Profiles\svmuwpba.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/05/25 22:49:49 | 001,335,949 | ---- | M] () (No name found) -- C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Firefox\Profiles\svmuwpba.default\extensions\[email protected]
[2013/05/17 21:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/10 11:44:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/27 13:59:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- F:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/23 21:41:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2006/11/09 15:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll
[2012/10/23 21:41:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/23 21:41:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://allhiphop.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Flip Dreams\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = F:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = F:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - Extension: YouTube = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: eBay Web App = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.4_0\
CHR - Extension: Google Search = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Late Night = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: Gmail = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/09/19 11:47:14 | 000,003,398 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 10 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\java\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [Norton Ghost 15.0] F:\Program Files\norton ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [loopMIDI] F:\Program Files\Loop Midi\loopMIDI.exe (Tobias Erichsen)
O4 - Startup: C:\Users\Flip Dreams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Flip Dreams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: elementk.com ([knowledge] https in Local intranet)
O15 - HKCU\..Trusted Domains: sharepoint.com ([rasmussenedu] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([rasmussenedu-my] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{308E4BE5-B6CB-4242-A567-510B6598F631}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5dbd1248-bf35-11e2-a9da-001b4100856e}\Shell - "" = AutoRun
O33 - MountPoints2\{5dbd1248-bf35-11e2-a9da-001b4100856e}\Shell\AutoRun\command - "" = I:\TL_Bootstrap.exe
O33 - MountPoints2\{cb1be9c7-5a3b-11e1-8746-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cb1be9c7-5a3b-11e1-8746-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/06 19:47:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Flip Dreams\Desktop\OTL.exe
[2013/09/13 03:42:29 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/13 03:42:28 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/13 03:42:28 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/13 03:42:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/13 03:42:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/13 03:42:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/13 03:42:28 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/13 03:42:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/13 03:42:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/13 03:42:27 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/13 03:42:27 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/13 03:42:27 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/13 03:42:26 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/12 17:52:45 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/12 17:52:45 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/12 17:52:44 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/12 17:52:44 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/12 17:52:44 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/12 17:52:44 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/12 17:52:44 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/12 17:52:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/12 17:52:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/12 17:52:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/12 17:52:44 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/12 17:52:44 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/12 17:52:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/12 17:52:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/12 17:52:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/12 17:52:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/12 17:52:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/12 17:52:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/12 17:52:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/12 17:52:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/12 17:52:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/12 17:52:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/12 17:52:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/12 17:52:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/12 17:52:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/12 17:52:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/12 17:52:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/12 17:52:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/12 17:52:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/12 17:52:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

========== Files - Modified Within 30 Days ==========

[2013/10/06 20:18:15 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\wpshelper.winsecurity
[2013/10/06 19:50:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1160091415-944164656-4070501008-1000UA.job
[2013/10/06 19:49:33 | 000,377,856 | ---- | M] () -- C:\Users\Flip Dreams\Desktop\0g3edidc.exe
[2013/10/06 19:47:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flip Dreams\Desktop\OTL.exe
[2013/10/06 19:47:55 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\WUDFRd.winsecurity
[2013/10/06 19:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/06 17:50:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1160091415-944164656-4070501008-1000Core.job
[2013/10/06 09:10:27 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 09:10:27 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/06 09:09:17 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/06 09:09:17 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/06 09:09:17 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/06 09:03:08 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013/10/06 09:02:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/06 09:02:55 | 4225,134,590 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/03 06:48:33 | 000,831,488 | ---- | M] () -- C:\Windows\SysWow64\wnetprofmon.exe
[2013/10/03 06:48:33 | 000,831,488 | ---- | M] () -- C:\Windows\SysWow64\wnetprof.exe
[2013/10/02 17:40:19 | 000,726,016 | ---- | M] () -- C:\Windows\SysWow64\pblds.exe
[2013/10/02 17:40:19 | 000,726,016 | ---- | M] () -- C:\Windows\SysWow64\drivers\BleServicesCtrl.exe
[2013/09/26 06:48:25 | 000,621,568 | ---- | M] () -- C:\Windows\SysWow64\drivers\blds.exe
[2013/09/24 18:35:05 | 000,037,893 | ---- | M] () -- C:\Users\Flip Dreams\Desktop\MYFAX.PNG
[2013/09/22 08:10:13 | 005,024,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/06 19:49:33 | 000,377,856 | ---- | C] () -- C:\Users\Flip Dreams\Desktop\0g3edidc.exe
[2013/10/06 09:03:34 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\wnetprof.exe
[2013/10/06 09:03:08 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013/10/03 06:48:35 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\wnetprofmon.exe
[2013/09/28 17:34:48 | 000,726,016 | ---- | C] () -- C:\Windows\SysWow64\pblds.exe
[2013/09/24 18:35:05 | 000,037,893 | ---- | C] () -- C:\Users\Flip Dreams\Desktop\MYFAX.PNG
[2013/07/13 18:14:19 | 000,726,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\BleServicesCtrl.exe
[2013/07/13 18:14:19 | 000,621,568 | ---- | C] () -- C:\Windows\SysWow64\drivers\blds.exe
[2013/05/02 00:50:54 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\utilpt32.dll
[2013/05/02 00:50:53 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\zlibocx2.dll
[2013/03/07 23:36:36 | 000,000,132 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/12/25 12:34:55 | 000,000,132 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/09/19 20:53:55 | 000,000,132 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/07/28 20:46:55 | 000,001,456 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/28 20:40:35 | 000,000,132 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/06/26 16:54:13 | 000,000,580 | RHS- | C] () -- C:\Users\Flip Dreams\ntuser.pol
[2012/03/04 17:58:08 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/03/04 17:58:08 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/02/21 10:55:41 | 000,000,956 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/02/18 20:48:07 | 000,007,597 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Local\resmon.resmoncfg
[2012/02/18 08:22:26 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/18 08:22:26 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/18 08:22:26 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/18 08:19:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/18 08:18:57 | 000,030,237 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 32 bytes -> C:\Windows:CM_613ca7df5c1ac96a99e5d18c1e4d921ed3255409dab2ea99e0b5b3c7e7202e77
@Alternate Data Stream - 32 bytes -> C:\Windows:CM_283a8b52096bc1720828325d525b65311af8fbb84d8f2812f746de26b944e2ea
@Alternate Data Stream - 1406 bytes -> C:\Program Files (x86)\Common Files\System:9dlotD1tRyYXPeXxHQCzI9
@Alternate Data Stream - 1353 bytes -> C:\Users\Flip Dreams\AppData\Local\Temp:0IxmuYBhQ4P6AdFwuAsK56shbg
@Alternate Data Stream - 1286 bytes -> C:\Program Files (x86)\Common Files\System:1ZFQRrgvw53A4k8Gx98B2Sb
@Alternate Data Stream - 1249 bytes -> C:\ProgramData\Microsoft:m2PFlpAHEPGHpTTEKO1GmFGNVLHp6
@Alternate Data Stream - 1207 bytes -> C:\ProgramData\Microsoft:iCjk9TXfto7KsicAEmUiGBASTeJQq

< End of report >


OTL Extras logfile created on: 10/6/2013 8:23:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Flip Dreams\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.91 Gb Total Physical Memory | 12.57 Gb Available Physical Memory | 78.97% Memory free
31.82 Gb Paging File | 27.88 Gb Available in Paging File | 87.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.60 Gb Total Space | 23.59 Gb Free Space | 21.14% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 298.09 Gb Total Space | 5.13 Gb Free Space | 1.72% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 246.53 Gb Free Space | 52.93% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 32.10 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
Drive H: | 38.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: HME-WIN7 | User Name: Flip Dreams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- F:\Program Files\adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- F:\Program Files\adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DF0035-00B0-4599-9190-3A6181368CAD}" = lport=80 | protocol=6 | dir=in | name=for school |
"{090F71F4-4017-4FA8-8B88-3ED4A36722BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D20A6E0-E8DB-4B1A-A411-AA8998DC80EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{0ED36B0B-9212-4C19-A96C-119563FE4402}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A6AC31E-ED46-4ED2-BF6A-DDA1D111DFD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2CD67349-1EB0-41A6-A89F-5F93E18CAF0B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{384A75E4-D23D-41A1-B5FF-1649496AD0CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{397FC4EE-2B88-46E1-BB36-C076D046A187}" = rport=138 | protocol=17 | dir=out | app=system |
"{3E7E0169-2DEF-4322-91FB-35887CC3C44F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{494CC91F-4204-499B-A5EF-BDD431825615}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{553355D1-7234-4CFF-8D07-BD903B2A23BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{58D76A86-8A85-467E-B0BA-C53097A31E3E}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F01C3D1-417F-440B-A467-D6EDBF418F03}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{625A8A00-53B1-4280-8CE9-4B82654F3898}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6442055E-697C-43D6-9A7A-7A48BB47F630}" = lport=10243 | protocol=6 | dir=in | app=system |
"{69E0A19B-5B3D-4A7B-9572-B0DC0ECD6EF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A21DE28-D69D-48BA-88AC-98AD0B22FC1C}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B43C0C3-ADFE-493F-9896-7C647CC3CE51}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{98571921-B680-4647-B384-9315C77F8461}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B379A78-B6A2-4764-80BE-CE6930E3E3AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA39EDC0-8136-4DB5-9578-9EA49F44994A}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD6DB3FB-BF69-42E9-BFF7-5E8846875BF9}" = lport=137 | protocol=17 | dir=in | app=system |
"{B2D5B841-6902-4153-8BDF-8EE75534E150}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{C640A5D6-7F4F-401E-9C56-C98C91249A58}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D7C44116-DC3C-4ACA-8501-2FFB67AED731}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC4F92F2-03DD-488D-AA9E-ECF01FD6589E}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{F099F5DA-92DD-4C0D-858D-12F31EFDF83A}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{F471C40E-8612-4FF2-8794-F0DA246C98F1}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082CADB7-F9DE-4C46-88DF-E064B610D827}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{0C5E00A5-BC19-4052-8FDD-1932283D3ED5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1051B328-61DC-4226-B5DA-61E0655A1CFB}" = dir=in | app=c:\windows\syswow64\drivers\blds.exe |
"{10526FF6-EB12-4835-9520-26B2EEF63380}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{12CFE974-8425-47EE-A991-9E29E75902E8}" = protocol=17 | dir=in | app=c:\users\flip dreams\appdata\roaming\dropbox\bin\dropbox.exe |
"{191145E5-BE00-4C77-BA43-3DFB0D311052}" = dir=in | app=c:\windows\syswow64\wnetprof.exe |
"{1B1CDDC9-4293-405D-BA0E-0C4557199A51}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{230F7906-821C-4CCF-9CC2-E3F9E30E61D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{23865CA8-910E-49A9-BAEE-420C037CF204}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{33082EE3-8100-4304-9FF2-F574FCEE1038}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{43A1A844-456C-48A5-BD00-129FA7A911AD}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{4A88EF22-198A-4FCA-AE1B-1142FBE46D60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5103C207-8066-49A8-BBF0-4D97CF128D91}" = protocol=1 | dir=out | [email protected],-28544 |
"{55284B58-00BC-4181-B540-D4FED28B56B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{567C3DF9-9DA0-48EB-BEE6-B5AC883F2D18}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
"{58EEEC40-3E32-4000-8AF1-5124D4227551}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C6C2BBE-E5A2-4185-948D-1EE6765620D7}" = protocol=58 | dir=in | [email protected],-28545 |
"{63CB743B-D76D-464B-B6EB-CF35633932D2}" = dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
"{69357D38-B253-453F-B5B6-F6C4B013C7A8}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
"{69C7B1AD-4F7D-4C06-A456-7460720E24FC}" = dir=in | app=c:\windows\syswow64\drivers\bleservicesctrl.exe |
"{6A547B6B-EFA3-4945-8CA2-10BE1A525392}" = protocol=1 | dir=in | [email protected],-28543 |
"{6F3F0778-C9ED-4D2D-BE91-0728839C854D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{708D76AC-6E7B-495F-B596-9BFE6C4E95C0}" = dir=out | app=c:\windows\syswow64\wnetprof.exe |
"{72C801C9-ED8F-4D09-AB72-032ACDA1DC6C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{795C4850-DE9A-47F7-836B-DA420F17F229}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84E8C31D-8E8B-4E68-9479-23886320E28E}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
"{952D9E80-0027-48BD-8A1B-87AB1456B90A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{96F4D4FC-97BD-467A-8D88-2B180D7D087F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
"{A7B69C27-D75B-4623-BA74-D14E1509DEC6}" = dir=in | app=c:\windows\syswow64\pblds.exe |
"{A93DC589-964F-4292-A419-745B3C20AFE2}" = dir=out | app=c:\windows\syswow64\wnetprofmon.exe |
"{C5D60EBB-1D55-4F8B-816F-4AB4623D3899}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5D95EF0-EC39-4B36-906A-E58AE09439A1}" = protocol=6 | dir=in | app=c:\users\flip dreams\appdata\roaming\dropbox\bin\dropbox.exe |
"{C8C6734E-B919-4A5C-96BA-E6FECBBE9F69}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{C929BF46-B6AD-4748-99CF-656B9B2F2418}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9318B5D-999C-4314-855D-2F758BDFE5B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D39ACA91-6815-44FC-849A-364609F37B03}" = dir=out | app=c:\windows\syswow64\drivers\blds.exe |
"{D87B7628-0681-4AEA-A0A5-08C78A2707E3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E029D101-A70C-4DE8-9F92-669E4F38F8DF}" = dir=out | app=c:\windows\syswow64\drivers\bleservicesctrl.exe |
"{E2850A20-E391-47B4-86F1-07DBD055EF3B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E453F6E5-4A0A-4735-9A5F-F9B747179F3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E73CA8DA-2C40-420B-A2FD-1A34703EB401}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E865ADBA-4249-4771-9092-D0FB99AE4C93}" = dir=in | app=c:\windows\syswow64\wnetprofmon.exe |
"{EDC4A90D-F58D-44FE-A25E-6B98752A012D}" = protocol=58 | dir=out | [email protected],-28546 |
"{EE389679-520F-4F47-93AB-745B6962D3DC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{EF6BAF87-AAA5-4798-9A23-01AA878A0F0C}" = protocol=6 | dir=out | app=system |
"{F58CE633-BA22-4A17-91AF-CD7D4D0C9679}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FF6176F9-8912-4465-80DC-C5412634F708}" = dir=out | app=c:\windows\syswow64\pblds.exe |
"TCP Query User{765A0A1F-9BAC-40BF-A417-B5999C71E040}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{CC00DE8B-1175-4C4A-8137-79EFDA14700B}F:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=f:\program files\bittorrent\bittorrent.exe |
"UDP Query User{B06CCD8C-1EBC-4D6E-8C4E-3F755F9561CB}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{BF7B58D3-26FF-44F4-A5CF-A774D68A6D55}F:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=f:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{3C33BA1B-D447-41CF-A228-84DD499F6F61}" = M-Audio FireWire Driver 6.0.1 (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{5B0E60DB-7741-412F-88B3-E6975D30D019}" = Visual C++ 64-bit Redistributables
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170110}" = Java SE Development Kit 7 Update 11 (64-bit)
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0054-0409-1000-0000000FF1CE}" = Microsoft Visio MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91150000-0051-0000-1000-0000000FF1CE}" = Microsoft Visio Professional 2013
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AA664481-960B-47E2-959D-2FC100C74D13}" = Authorizer Ignition Key Support
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EF728EC1-799C-4570-9AE0-8A9A54E4670A}" = Native Instruments Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1" = Authorizer 2.5.1
"FG-X Virtual Mastering Console_is1" = FG-X Virtual Mastering Console
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office15.VISPROR" = Microsoft Visio Professional 2013
"Reason7.0_32_is1" = Reason 7.0.1
"Reason7.0_64_is1" = Reason 7.0.1
"Virtual Audio Cable 4.12" = Virtual Audio Cable 4.12

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Avid Pro Tools Creative Collection 9.0.5
"{3C89685D-D38C-4124-B8C4-56203B399875}" = Avid Pro Tools MP 9.0.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6C41841F-0ED6-4A78-BD19-B188726D2D80}" = Hi-Speed USB-USB Network Cable
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Avid Free DigiRack Plug-Ins 9.0.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AEAF7978-3204-451D-8593-BC53EBDDA31D}" = loopMIDI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}" = Sony Sound Forge 9.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD4E18F4-7880-4002-A123-F3820644BA82}" = PCM Native Reverb RTAS Plug-in
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ASIO4ALL" = ASIO4ALL
"Authorizer_is1" = Authorizer 1.0.5
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chicken Systems Translator Pro_is1" = Chicken Systems Translator Pro v2.9.0.123
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DivX Setup" = DivX Setup
"FL Studio 10" = FL Studio 10
"ImTOO DVD Audio Ripper 6" = ImTOO DVD Audio Ripper 6
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{5B0E60DB-7741-412F-88B3-E6975D30D019}" = Visual C++ 64-bit Redistributables
"InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"Line 6 Uninstaller" = Line 6 Uninstaller
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Logitech Vid" = Logitech Vid HD
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Driver" = Native Instruments Driver
"Native Instruments Elektrik Piano 1.5" = Native Instruments Elektrik Piano 1.5
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Komplete 5" = Native Instruments Komplete 5
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Pro-53" = Native Instruments Pro-53
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Service Center" = Native Instruments Service Center
"PCM Native Reverb RTAS Plug-in" = PCM Native Reverb RTAS Plug-in
"PGP" = PGP 8.0.3
"PowerISO" = PowerISO
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Slate Digital FG-X Mastering Processor_is1" = Slate Digital FG-X Mastering Processor VST RTAS v1.1.2
"SoundToys Native Effects VST RTAS_is1" = SoundToys Native Effects VST RTAS v3.1.2
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"Updater Service" = Updater Service
"Waves Mercury Complete VST DX RTAS_is1" = Waves Mercury Complete VST DX RTAS v1.01
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP 1.8.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2013 2:04:17 PM | Computer Name = HME-Win7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.SONAR.1 in File: winnetprofm by: TruScan
scan. Action: Process or service must be halted. Action Description:

Error - 10/6/2013 2:47:01 PM | Computer Name = HME-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version:
11.6.602.180, time stamp: 0x5152b03d Faulting module name: ntdll.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1072 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
process id: 0x18b4 Faulting application start time: 0x01cec2c470bccd03 Faulting application
path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: af6ecd70-2eb7-11e3-ada9-001b4100856e

Error - 10/6/2013 3:47:00 PM | Computer Name = HME-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version:
11.6.602.180, time stamp: 0x5152b03d Faulting module name: ntdll.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1072 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
process id: 0x112c Faulting application start time: 0x01cec2ccd281587e Faulting application
path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 109a991e-2ec0-11e3-ada9-001b4100856e

Error - 10/6/2013 4:04:17 PM | Computer Name = HME-Win7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.SONAR.1 in File: winnetprofm by: TruScan
scan. Action: Process or service must be halted. Action Description:

Error - 10/6/2013 4:47:01 PM | Computer Name = HME-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version:
11.6.602.180, time stamp: 0x5152b03d Faulting module name: ntdll.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1072 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
process id: 0x1f58 Faulting application start time: 0x01cec2d5344547b6 Faulting application
path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 72f85997-2ec8-11e3-ada9-001b4100856e

Error - 10/6/2013 5:04:12 PM | Computer Name = HME-Win7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.SONAR.1 in File: winnetprofm by: TruScan
scan. Action: Process or service must be halted. Action Description:

Error - 10/6/2013 5:47:01 PM | Computer Name = HME-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version:
11.6.602.180, time stamp: 0x5152b03d Faulting module name: ntdll.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1072 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
process id: 0x1c40 Faulting application start time: 0x01cec2dd9609d331 Faulting application
path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: d4bce512-2ed0-11e3-ada9-001b4100856e

Error - 10/6/2013 6:47:01 PM | Computer Name = HME-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version:
11.6.602.180, time stamp: 0x5152b03d Faulting module name: ntdll.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1072 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
process id: 0x2200 Faulting application start time: 0x01cec2e5f7ce85bc Faulting application
path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 36808629-2ed9-11e3-ada9-001b4100856e

Error - 10/6/2013 7:04:26 PM | Computer Name = HME-Win7 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.SONAR.1 in File: winnetprofm by: TruScan
scan. Action: Process or service must be halted. Action Description:

Error - 10/6/2013 7:47:00 PM | Computer Name = HME-Win7 | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version:
11.6.602.180, time stamp: 0x5152b03d Faulting module name: ntdll.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1072 Exception code: 0xc0000005 Fault offset: 0x0002e243 Faulting
process id: 0x2080 Faulting application start time: 0x01cec2ee5992ea27 Faulting application
path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 97ac9ff9-2ee1-11e3-ada9-001b4100856e

[ System Events ]
Error - 10/6/2013 9:03:03 AM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1275

Error - 10/6/2013 9:03:08 AM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7000
Description = The PGPsdkDriver service failed to start due to the following error:
%%2

Error - 10/6/2013 9:03:08 AM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7000
Description = The PGPsdkService service failed to start due to the following error:
%%2

Error - 10/6/2013 12:11:42 PM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7031
Description = The Windows Network List Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 30000
milliseconds: Restart the service.

Error - 10/6/2013 12:14:14 PM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7031
Description = The Windows Network List Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in 30000
milliseconds: Restart the service.

Error - 10/6/2013 12:16:46 PM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7031
Description = The Windows Network List Service service terminated unexpectedly.
It has done this 3 time(s). The following corrective action will be taken in 30000
milliseconds: Restart the service.

Error - 10/6/2013 12:19:18 PM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7031
Description = The Windows Network List Service service terminated unexpectedly.
It has done this 4 time(s). The following corrective action will be taken in 30000
milliseconds: Restart the service.

Error - 10/6/2013 6:32:41 PM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7031
Description = The Windows Network List Service service terminated unexpectedly.
It has done this 5 time(s). The following corrective action will be taken in 30000
milliseconds: Restart the service.

Error - 10/6/2013 8:02:06 PM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 10/6/2013 8:07:26 PM | Computer Name = HME-Win7 | Source = Service Control Manager | ID = 7031
Description = The Windows Network List Service service terminated unexpectedly.
It has done this 6 time(s). The following corrective action will be taken in 30000
milliseconds: Restart the service.


< End of report >



GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-06 20:36:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 KINGSTON rev.505A 111.79GB
Running: 0g3edidc.exe; Driver: C:\Users\FLIPDR~1\AppData\Local\Temp\kxdyipow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076b71465 2 bytes [B7, 76]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2584] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076b714bb 2 bytes [B7, 76]
.text ... * 2
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b71465 2 bytes [B7, 76]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[4316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b714bb 2 bytes [B7, 76]
.text ... * 2
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[5016] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000076b71465 2 bytes [B7, 76]
.text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[5016] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 0000000076b714bb 2 bytes [B7, 76]
.text ... * 2
.text C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\Dropbox.exe[5040] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076b71465 2 bytes [B7, 76]
.text C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\Dropbox.exe[5040] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076b714bb 2 bytes [B7, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b71465 2 bytes [B7, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b714bb 2 bytes [B7, 76]
.text ... * 2
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b71465 2 bytes [B7, 76]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b714bb 2 bytes [B7, 76]
.text ... * 2
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b71465 2 bytes [B7, 76]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[5256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b714bb 2 bytes [B7, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b71465 2 bytes [B7, 76]
.text C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b714bb 2 bytes [B7, 76]
.text ... * 2
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076b71465 2 bytes [B7, 76]
.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe[6164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076b714bb 2 bytes [B7, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Microsoft IntelliType Pro\itype.exe [4412:4704] 000007fef47b7498
Thread C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe [7336:5996] 0000000010037d1b
Thread C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe [7336:9048] 0000000010037d1b
Thread C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe [7336:7156] 0000000010037d1b
Thread C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe [7336:8268] 0000000010009858
Thread C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe [7336:9116] 0000000010009858

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001b4100856e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xE5 0xB8 0x46 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x28 0x53 0x24 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x62 0x73 0x15 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xD0 0x30 0x40 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x81 0x1D 0x34 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001b4100856e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xE5 0xB8 0x46 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x28 0x53 0x24 0x13 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x62 0x73 0x15 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xD0 0x30 0x40 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x81 0x1D 0x34 0x04 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\[email protected]:\Users\Flip Dreams\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- EOF - GMER 2.1 ----

#5
tom982

Hi flipperdreams,

P2P Warning

P2P file sharing programs (uTorrent, BitTorrent, Vuze, LimeWire, Kazaa etc.) need to be avoided to reduce the risk of infection. When visiting file sharing sites you usually get more than you intend to; these downloads are commonly laced with infections with varying effects - allowing remote access to your computer and stealing passwords being the most common.

Many underground websites that host cracks or keygens can be equally bad. Not only can the downloads be infected, but innocent-looking banners can contain malicious Flash code that installs malware on your system. These files are also illegal.

Should you continue to use these websites/software after my assistance, then there is a very high chance you will get infected again, putting your files and passwords at stake. Just ask yourself: is it really worth the risk?

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2013/10/03 06:48:33 | 000,831,488 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\wnetprof.exe -- (winnetprofm)
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q="
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: elementk.com ([knowledge] https in Local intranet)
    O15 - HKCU\..Trusted Domains: sharepoint.com ([rasmussenedu] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: sharepoint.com ([rasmussenedu-my] https in Trusted sites)
    O33 - MountPoints2\{5dbd1248-bf35-11e2-a9da-001b4100856e}\Shell - "" = AutoRun
    O33 - MountPoints2\{5dbd1248-bf35-11e2-a9da-001b4100856e}\Shell\AutoRun\command - "" = I:\TL_Bootstrap.exe
    O33 - MountPoints2\{cb1be9c7-5a3b-11e1-8746-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb1be9c7-5a3b-11e1-8746-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\assetup.exe
    [2013/10/03 06:48:33 | 000,831,488 | ---- | M] () -- C:\Windows\SysWow64\wnetprofmon.exe
    [2013/10/03 06:48:33 | 000,831,488 | ---- | M] () -- C:\Windows\SysWow64\wnetprof.exe
    [2013/10/06 09:03:08 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
    @Alternate Data Stream - 32 bytes -> C:\Windows:CM_613ca7df5c1ac96a99e5d18c1e4d921ed3255409dab2ea99e0b5b3c7e7202e77
    @Alternate Data Stream - 32 bytes -> C:\Windows:CM_283a8b52096bc1720828325d525b65311af8fbb84d8f2812f746de26b944e2ea
    @Alternate Data Stream - 1406 bytes -> C:\Program Files (x86)\Common Files\System:9dlotD1tRyYXPeXxHQCzI9
    @Alternate Data Stream - 1353 bytes -> C:\Users\Flip Dreams\AppData\Local\Temp:0IxmuYBhQ4P6AdFwuAsK56shbg
    @Alternate Data Stream - 1286 bytes -> C:\Program Files (x86)\Common Files\System:1ZFQRrgvw53A4k8Gx98B2Sb
    @Alternate Data Stream - 1249 bytes -> C:\ProgramData\Microsoft:m2PFlpAHEPGHpTTEKO1GmFGNVLHp6
    @Alternate Data Stream - 1207 bytes -> C:\ProgramData\Microsoft:iCjk9TXfto7KsicAEmUiGBASTeJQq
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
  • Click the Run Fix button.

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found here: C:\AdwCleaner\

OTL

  • Run OTL by double-clicking on it.
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Tom

#6
flipperdreams

Yeah, it's definitely not worth it.


# AdwCleaner v3.006 - Report created 07/10/2013 at 20:03:00
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Flip Dreams - HME-WIN7
# Running from : C:\Users\Flip Dreams\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IBUpdaterService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Flip Dreams\AppData\Local\apn
Folder Deleted : C:\Users\Flip Dreams\AppData\Local\Conduit
Folder Deleted : C:\Users\Flip Dreams\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Flip Dreams\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Firefox\Profiles\svmuwpba.default\ConduitCommon
Folder Deleted : C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Firefox\Profiles\svmuwpba.default\CT2790392
Folder Deleted : C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Firefox\Profiles\svmuwpba.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v12.0 (en-US)

[ File : C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Firefox\Profiles\svmuwpba.default\prefs.js ]

Line Deleted : user_pref("CT2790392..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2790392.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2790392.AppTrackingLastCheckTime", "Mon Jul 16 2012 18:39:08 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_129633547190125290", true);
Line Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_130059329278017115", true);
Line Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_1359634298000", true);
Line Deleted : user_pref("CT2790392.CTID", "CT2790392");
Line Deleted : user_pref("CT2790392.CurrentServerDate", "26-7-2013");
Line Deleted : user_pref("CT2790392.DSInstall", false);
Line Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Mon Jul 22 2013 22:58:00 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Fri Jul 26 2013 05:56:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 501);
Line Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Fri Jul 26 2013 05:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
Line Deleted : user_pref("CT2790392.FeedTTL129313975698350231", 5);
Line Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
Line Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
Line Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
Line Deleted : user_pref("CT2790392.FirstServerDate", "4-3-2012");
Line Deleted : user_pref("CT2790392.FirstTime", true);
Line Deleted : user_pref("CT2790392.FirstTimeFF3", true);
Line Deleted : user_pref("CT2790392.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2790392.HPInstall", false);
Line Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2790392.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2790392.HomepageBeforeUnload", "allhiphop.com");
Line Deleted : user_pref("CT2790392.Initialize", true);
Line Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2790392.InstallationId", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2790392.InstallationType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2790392.InstalledDate", "Sat Mar 03 2012 21:02:50 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2790392.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2790392.IsGrouping", false);
Line Deleted : user_pref("CT2790392.IsInitSetupIni", true);
Line Deleted : user_pref("CT2790392.IsMulticommunity", false);
Line Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Fri Jul 26 2013 01:21:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2790392.LastLogin_3.10.0.1", "Mon Apr 30 2012 18:30:17 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LastLogin_3.12.2.3", "Wed May 30 2012 21:22:06 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LastLogin_3.13.0.6", "Mon Jul 16 2012 18:37:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LastLogin_3.14.1.0", "Sat Oct 13 2012 12:55:48 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LastLogin_3.15.1.0", "Sun Nov 11 2012 10:46:14 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2790392.LastLogin_3.16.0.3", "Mon Mar 25 2013 20:43:05 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LastLogin_3.18.0.7", "Mon Jul 22 2013 22:57:59 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LastLogin_3.19.0.3", "Fri Jul 26 2013 05:21:29 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.LastLogin_3.9.0.3", "Fri Mar 09 2012 17:43:45 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2790392.LatestVersion", "3.19.0.3");
Line Deleted : user_pref("CT2790392.Locale", "en");
Line Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2790392.OriginalFirstVersion", "3.9.0.3");
Line Deleted : user_pref("CT2790392.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2790392.SearchCaption", "BitTorrentBar Customized Web Search");
Line Deleted : user_pref("CT2790392.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=");
Line Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Fri Jul 26 2013 01:21:34 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2790392.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2790392.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2790392.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Fri Jul 26 2013 01:21:32 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Fri Jul 26 2013 01:21:29 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.SettingsLastUpdate", "1374739984");
Line Deleted : user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Mon Jul 22 2013 22:57:53 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
Line Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2790392.UserID", "UN93250523776848590");
Line Deleted : user_pref("CT2790392.ValidationData_Search", 1);
Line Deleted : user_pref("CT2790392.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2790392.WeatherNetwork", "");
Line Deleted : user_pref("CT2790392.WeatherPollDate", "Fri Jul 26 2013 05:51:36 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.WeatherUnit", "F");
Line Deleted : user_pref("CT2790392.alertChannelId", "1182482");
Line Deleted : user_pref("CT2790392.autoDisableScopes", -1);
Line Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Mon Jul 22 2013 22:57:59 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2790392.initDone", true);
Line Deleted : user_pref("CT2790392.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT2790392.myStuffEnabled", true);
Line Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2790392.oldAppsList", "129298377186075601,129298377186388102,1000234,129791371079091292,1000034,129526968991422666,129309578575850709,129313977501788460,129309577647413174,129309565073350[...]
Line Deleted : user_pref("CT2790392.revertSettingsEnabled", false);
Line Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2790392.testingCtid", "");
Line Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Fri Jul 26 2013 01:21:34 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Mon Jul 22 2013 22:58:20 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2790392.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"d2b927d8a8c33afc3488be30ad41cc2b3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"1361459328\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "uG7mdamLoNmpmgC2c0JctQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT2790392", "uG7mdamLoNmpmgC2c0JctQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "jf4tQQjNr2TQ31uHimzTMg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT2790392", "jf4tQQjNr2TQ31uHimzTMg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "0BEXfBAJ1PdxmWK9VOejOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT2790392", "0BEXfBAJ1PdxmWK9VOejOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "ZU6zjERHpZr7lBpInn+HyA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT2790392", "ZU6zjERHpZr7lBpInn+HyA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:16ac\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"23c5489aa686ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"d5f44cb0f932aae7fea3743f5ddf3ed4\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d2680daef300d95d6204a3827b0a735\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Flip Dreams\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\svmuwpba.default\\conduitCommon\\modules\\3.19.0.3");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.19.0.3");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 30 2012 18:30:11 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "ec7baf57-c176-4028-8932-c27fd503cb8c");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 22 2013 22:58:03 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 26 2013 01:21:37 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 26 2013 01:21:29 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "cc56ca14-ae63-4004-8499-8ce9a646c7c8");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "allhiphop.com");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");

-\\ Google Chrome v

[ File : C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [33350 octets] - [07/10/2013 20:01:51]
AdwCleaner[S0].txt - [33813 octets] - [07/10/2013 20:03:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33874 octets] ##########






OTL logfile created on: 10/7/2013 8:06:45 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Flip Dreams\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.91 Gb Total Physical Memory | 13.31 Gb Available Physical Memory | 83.62% Memory free
31.82 Gb Paging File | 28.92 Gb Available in Paging File | 90.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.60 Gb Total Space | 30.54 Gb Free Space | 27.36% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 298.09 Gb Total Space | 5.13 Gb Free Space | 1.72% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 246.53 Gb Free Space | 52.93% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 32.10 Gb Free Space | 13.78% Space Free | Partition Type: NTFS
Drive H: | 38.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: HME-WIN7 | User Name: Flip Dreams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/07 10:03:53 | 000,675,328 | ---- | M] () -- C:\Windows\SysWOW64\drivers\BleServicesCtrl.exe
PRC - [2013/10/06 19:47:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flip Dreams\Desktop\OTL.exe
PRC - [2013/09/02 09:32:59 | 003,233,806 | ---- | M] () -- C:\Program Files (x86)\Tor\tor.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/27 04:39:24 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2012/11/21 04:50:00 | 008,443,832 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2012/11/21 04:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012/08/15 23:50:36 | 000,848,384 | ---- | M] (Tobias Erichsen) -- F:\Program Files\Loop Midi\loopMIDI.exe
PRC - [2012/06/29 09:59:30 | 008,180,224 | ---- | M] () -- F:\Program Files\xampp\mysql\bin\mysqld.exe
PRC - [2012/06/06 08:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- F:\Program Files\xampp\apache\bin\httpd.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/18 12:08:52 | 000,081,920 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/09 03:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/05/19 16:39:18 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/19 16:39:14 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/12 22:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2010/11/20 23:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009/10/01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) -- F:\Program Files\norton ghost\Agent\VProSvc.exe
PRC - [2009/10/01 21:32:04 | 002,596,712 | ---- | M] (Symantec Corporation) -- F:\Program Files\norton ghost\Agent\VProTray.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 19:55:12 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/07/29 15:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWOW64\MAFWTray.exe
PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/09/13 03:00:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 16:57:20 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d52b8823da05f910389b3d26bfe654c6\IAStorUtil.ni.dll
MOD - [2013/08/14 16:32:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/14 16:32:07 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 16:32:01 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/14 16:31:59 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 16:31:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/14 16:31:57 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b7efa6bd9a31c0603f0ac19dbde7cff3\System.Configuration.ni.dll
MOD - [2013/07/11 16:53:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\41a3bd6011f301f808fac8eb53993206\IAStorCommon.ni.dll
MOD - [2013/07/11 16:50:28 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/01/18 02:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/02 00:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/02 00:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/02 00:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/02 00:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/02 00:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/01/12 21:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 21:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 17:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 19:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 18:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 18:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 18:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 18:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 18:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 18:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 18:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 18:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 18:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/07 10:03:53 | 000,675,328 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe -- (bthsrv)
SRV - [2013/09/02 09:32:59 | 003,233,806 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tor\tor.exe -- (tor)
SRV - [2013/03/27 04:39:24 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/21 04:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012/10/23 21:41:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/29 09:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- F:\Program Files\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012/06/06 08:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- F:\Program Files\xampp\apache\bin\httpd.exe -- (apache2.4)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/18 12:08:52 | 000,081,920 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/08/18 12:02:56 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2011/07/09 03:36:12 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/05/19 16:39:18 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Auto | Running] -- F:\Program Files\norton ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009/09/21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [On_Demand | Stopped] -- F:\Program Files\norton ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 20:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- F:\Program Files\norton ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:37:56 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:22:16 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/29 20:02:21 | 000,090,624 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2013/04/15 05:50:30 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/10/05 01:33:02 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012/08/15 23:41:38 | 000,030,208 | ---- | M] (Tobias Erichsen) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teVirtualMIDI64.sys -- (teVirtualMIDI64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 12:38:25 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:64bit: - [2012/02/18 20:32:55 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/06/28 18:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/06/02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/23 06:17:06 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 18:46:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 07:45:54 | 000,023,344 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 13:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/01 22:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009/09/21 20:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/09/17 19:37:52 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2009/08/25 21:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/25 21:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/08/25 21:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/29 15:28:24 | 000,231,944 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mafw.sys -- (MAFW)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 15:31:34 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2013/08/28 04:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131006.004\ex64.sys -- (NAVEX15)
DRV - [2013/08/28 04:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131006.004\eng64.sys -- (NAVENG)
DRV - [2013/08/27 04:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 04:00:00 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 21:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD FE 3C 99 54 F0 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "allhiphop.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.9.2
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.19.0.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: F:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Flip Dreams\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Flip Dreams\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: F:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/27 13:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/26 18:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/26 18:27:03 | 000,000,000 | ---D | M]

[2012/02/18 22:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Extensions
[2013/07/26 01:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Firefox\Profiles\svmuwpba.default\extensions
[2012/05/25 22:49:49 | 001,335,949 | ---- | M] () (No name found) -- C:\Users\Flip Dreams\AppData\Roaming\Mozilla\Firefox\Profiles\svmuwpba.default\extensions\[email protected]
[2013/05/17 21:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/10 11:44:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\FLIP DREAMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SVMUWPBA.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
[2012/07/27 13:59:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- F:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/23 21:41:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2006/11/09 15:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll
[2012/10/23 21:41:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/23 21:41:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://allhiphop.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Flip Dreams\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = F:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = F:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - Extension: YouTube = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: eBay Web App = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.4_0\
CHR - Extension: Google Search = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Late Night = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: Gmail = C:\Users\Flip Dreams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/07 19:56:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\java\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Pro Tools\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [Norton Ghost 15.0] F:\Program Files\norton ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [loopMIDI] F:\Program Files\Loop Midi\loopMIDI.exe (Tobias Erichsen)
O4 - Startup: C:\Users\Flip Dreams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Flip Dreams\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Flip Dreams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{308E4BE5-B6CB-4242-A567-510B6598F631}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/07 20:01:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/07 19:56:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/06 19:47:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Flip Dreams\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2013/10/07 20:06:00 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/07 20:06:00 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/07 20:06:00 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/07 20:04:30 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\WUDFRd.winsecurity
[2013/10/07 20:04:29 | 000,000,064 | RHS- | M] () -- C:\Windows\SysNative\drivers\wpshelper.winsecurity
[2013/10/07 20:04:28 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013/10/07 20:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 20:04:19 | 4225,134,590 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 20:03:41 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 20:03:41 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 19:57:59 | 001,045,226 | ---- | M] () -- C:\Users\Flip Dreams\Desktop\AdwCleaner.exe
[2013/10/07 19:56:57 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/07 19:50:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1160091415-944164656-4070501008-1000UA.job
[2013/10/07 19:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/07 17:50:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1160091415-944164656-4070501008-1000Core.job
[2013/10/07 10:03:53 | 000,675,328 | ---- | M] () -- C:\Windows\SysWow64\pblds.exe
[2013/10/07 10:03:53 | 000,675,328 | ---- | M] () -- C:\Windows\SysWow64\drivers\BleServicesCtrl.exe
[2013/10/06 19:49:33 | 000,377,856 | ---- | M] () -- C:\Users\Flip Dreams\Desktop\0g3edidc.exe
[2013/10/06 19:47:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flip Dreams\Desktop\OTL.exe
[2013/09/26 06:48:25 | 000,621,568 | ---- | M] () -- C:\Windows\SysWow64\drivers\blds.exe
[2013/09/24 18:35:05 | 000,037,893 | ---- | M] () -- C:\Users\Flip Dreams\Desktop\MYFAX.PNG
[2013/09/22 08:10:13 | 005,024,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/07 20:04:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013/10/07 19:57:55 | 001,045,226 | ---- | C] () -- C:\Users\Flip Dreams\Desktop\AdwCleaner.exe
[2013/10/06 19:49:33 | 000,377,856 | ---- | C] () -- C:\Users\Flip Dreams\Desktop\0g3edidc.exe
[2013/09/28 17:34:48 | 000,675,328 | ---- | C] () -- C:\Windows\SysWow64\pblds.exe
[2013/09/24 18:35:05 | 000,037,893 | ---- | C] () -- C:\Users\Flip Dreams\Desktop\MYFAX.PNG
[2013/07/13 18:14:19 | 000,675,328 | ---- | C] () -- C:\Windows\SysWow64\drivers\BleServicesCtrl.exe
[2013/07/13 18:14:19 | 000,621,568 | ---- | C] () -- C:\Windows\SysWow64\drivers\blds.exe
[2013/05/02 00:50:54 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\utilpt32.dll
[2013/05/02 00:50:53 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\zlibocx2.dll
[2013/03/07 23:36:36 | 000,000,132 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/12/25 12:34:55 | 000,000,132 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/09/19 20:53:55 | 000,000,132 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/07/28 20:46:55 | 000,001,456 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/28 20:40:35 | 000,000,132 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/06/26 16:54:13 | 000,000,580 | RHS- | C] () -- C:\Users\Flip Dreams\ntuser.pol
[2012/03/04 17:58:08 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/03/04 17:58:08 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/02/21 10:55:41 | 000,000,956 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/02/18 20:48:07 | 000,007,597 | ---- | C] () -- C:\Users\Flip Dreams\AppData\Local\resmon.resmoncfg
[2012/02/18 08:22:26 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/18 08:22:26 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/18 08:22:26 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/18 08:19:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/18 08:18:57 | 000,030,237 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/06 15:19:27 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\AC3Filter
[2013/09/25 23:33:41 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\BitTorrent
[2012/09/16 14:05:16 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/05/02 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Chicken Systems
[2012/07/29 07:07:23 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2013/10/06 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Digidesign
[2013/10/07 20:04:38 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Dropbox
[2012/04/30 18:34:44 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\e-academy Inc
[2013/06/08 13:52:29 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\ImTOO
[2012/02/19 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\iZotope
[2012/12/08 22:18:07 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Leadertech
[2012/03/18 16:56:37 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Lexicon PCM Native
[2013/01/06 00:18:15 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Line 6
[2012/12/08 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\ooVoo Details
[2012/02/23 18:48:07 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\PACE Anti-Piracy
[2012/05/29 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\PGP Corporation
[2013/01/06 03:16:50 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Propellerhead Software
[2012/02/18 22:41:29 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Publish Providers
[2013/02/10 20:27:26 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Sony
[2012/03/31 17:22:37 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/28 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Steinberg
[2012/02/23 18:51:54 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Trillium Lane
[2012/02/19 09:42:04 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Waves
[2012/02/19 08:57:11 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Waves Audio
[2012/07/28 17:42:07 | 000,000,000 | ---D | M] -- C:\Users\Flip Dreams\AppData\Roaming\Waves Preferences

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 32 bytes -> C:\Windows:CM_613ca7df5c1ac96a99e5d18c1e4d921ed3255409dab2ea99e0b5b3c7e7202e77
@Alternate Data Stream - 32 bytes -> C:\Windows:CM_283a8b52096bc1720828325d525b65311af8fbb84d8f2812f746de26b944e2ea

< End of report >
  • 0

#7
flipperdreams

flipperdreams

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No more alerts..Thanks man
  • 0

#8
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi flipperdreams,

We're not quite done yet, but the finish line is within sight!

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

ESET Online Scanner:

Note: The below instructions relate to running the scan with Google Chrome only. You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the Google Chrome icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...
  • In the window that now appears called Launch ESET Online Scanner
  • Double-click on esetsmartinstaller_enu.exe to download the ESET Smart Installer
  • Then in the lower left hand corner of the browser window double click on Posted Image >> follow the prompts
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:  Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Tom
  • 0

#9
flipperdreams

flipperdreams

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Flip Dreams :: HME-WIN7 [administrator]

Protection: Enabled

10/10/2013 5:53:28 PM
mbam-log-2013-10-10 (17-53-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200411
Time elapsed: 1 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#10
flipperdreams

flipperdreams

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=dea389dbc8372a46a335ca9d04a01b22
# engine=15440
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-11 12:28:10
# local_time=2013-10-10 08:28:10 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776638 100 94 7002834 132994740 0 0
# scanned=409867
# found=5
# cleaned=0
# scan_time=7001
sh=01AC4E06024F2BF7429D59348C78D836C5959650 ft=1 fh=1c0f11079b89df43 vn="a variant of Win32/InstallBrain.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IBUpdaterService\ibsvc.exe.vir"
sh=22EEDB0EE77EECD3040711BC2D3D44C8F5500498 ft=1 fh=c4931b82aa9fa846 vn="Win32/Toolbar.Zugo application" ac=I fn="F:\bittorrentdownloads\ImTOO DVD Audio Ripper v6.0.14.1231+crk\ImTOO DVD Audio Ripper v6.0.14.1231+crk.exe"
sh=CCE6E22D2759B21153ECF53DB42EBEC4855DECB7 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Agent.BSELZKV trojan" ac=I fn="G:\Programs\Content Disk One.rar"
sh=BF5CCF84C5B742DB7C6F9FDF7966034AC4F7B076 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="G:\Programs\FL Studio 10.rar"
sh=C177B206BB9F490D8EDB1171B048727C32129157 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanProxy.Agent.IIIVZSY trojan" ac=I fn="G:\Programs\Teach Me Piano Deluxe.ISO"
  • 0

#11
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
MVPs HOSTS File

  • Download the MVPs HOSTS File to your desktop
  • Extract the files from the .zip folder
  • Right click on mvps.bat and select Run As Administrator
  • This should open up a command window, follow the on screen instructions
  • Open your start menu, and type cmd
  • Right click on cmd and select Run As Administrator
  • When it opens, type the following:
ipconfig /flushdns

WOT Link Scanning

  • Install WOT (Web Of Trust) from here Safe Browsing Tool - WOT
  • This program provides information about the safety of websites and links that you visit.
  • The ratings can be found below:

    Green - Website is highly rated
    Yellow - Website should be used with caution
    Red - Website should be avoided
  • A complete list of the symbols can be found here
WOT provides colour coded link scanning for websites and allows you to see whether a link you are about to click on is bad - e.g. malicious.

OTL CleanUp

  • Open OTL
  • Click CleanUp
This will remove all of the tools that we have used (and their subsequent logs) from your system, leaving you as good as new.

Tom
  • 0

#12
flipperdreams

flipperdreams

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks
  • 0

#13
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi flipperdreams,

You're most welcome :) Sorry about my previous post, I originally had something at the start of that post but must have pasted over it with my instructions. You're all clean now :thumbsup: Feel free to remove any tools/logs that still remain on your computer!

Tom
  • 0





