Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ads by LyricsParty has taken over [Solved]


  • This topic is locked This topic is locked

#1
CooKooByrd

CooKooByrd

    New Member

  • Member
  • Pip
  • 3 posts
I am using Google Chrome and the Ads by LyricsParty popup ads have taken over. When clicking or placing cursor on selected words that are
double underlined , causes a new page ad to popup.

OTL Extras logfile created on: 10/15/2013 4:06:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TAYLOR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 51.82% Memory free
7.81 Gb Paging File | 5.71 Gb Available in Paging File | 73.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.08 Gb Total Space | 191.67 Gb Free Space | 67.95% Space Free | Partition Type: NTFS
Drive D: | 15.82 Gb Total Space | 2.59 Gb Free Space | 16.38% Space Free | Partition Type: NTFS
Drive E: | 658.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LOGAN-LAPTOP | User Name: TAYLOR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047CA86A-09F4-41E4-995B-A1CA9CB91391}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F235A2D-48B0-4F09-A1EF-C9AAEDD2281A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{212DA878-5279-481B-968F-9EA3E6EF5731}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21357233-60C1-428E-9FE0-F1F14816C32A}" = lport=445 | protocol=6 | dir=in | app=system |
"{23F4D1C1-8B1C-4B3A-9339-71A0F6A9C3C7}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{33373189-A8DF-4A72-843F-21980D85CE59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EA8AE26-8835-49D2-8AF1-283B980EEDC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D9F92EB-6B8D-46D6-AD11-36DFAEE8CFFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{591C12AC-1926-4749-A035-B299C70D6281}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{67B07637-6262-4336-A888-AB72E328B62C}" = lport=138 | protocol=17 | dir=in | app=system |
"{74379C25-557B-471E-AB8E-1D2573EE17E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B732EDC-EA72-4804-9BA5-D1C6A260BF48}" = lport=137 | protocol=17 | dir=in | app=system |
"{7CB54DD4-779A-4DB7-ADF6-513FD788030B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7DC4A9F9-6987-4139-B02E-D6B83DE57CB3}" = rport=138 | protocol=17 | dir=out | app=system |
"{8092D66F-F551-48E3-A6E9-DA2156E2DFB4}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{9ADEDAF8-99AA-4D45-B76B-B55395F3CC24}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9B48D93A-5A3D-42EC-AEFA-ED927684BF4D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9EAD9BDF-DDC4-4952-979F-B8AE0C47EB4F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B70EF051-02A0-4BB6-A9F9-2DE815977D47}" = rport=445 | protocol=6 | dir=out | app=system |
"{BAADE1EF-28CA-4442-9C85-69D55474044B}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{BF01258F-07E4-4B13-B6B5-D854AAD43E2D}" = rport=137 | protocol=17 | dir=out | app=system |
"{C5D982D7-D2DE-4D90-92E1-C153175F5B85}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D1991A74-D101-4A6D-90E5-C07C111F32B3}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{D4FEE834-8104-477D-9CDC-A72855C98A05}" = rport=139 | protocol=6 | dir=out | app=system |
"{D6C7911E-00CD-4B0D-A3BC-6E77EE069C3F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8F2A84E-1461-4956-8634-31A31A5967B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DDFF9B62-5E42-4AB3-9C0A-DA9B55021BBC}" = lport=139 | protocol=6 | dir=in | app=system |
"{E39D5266-66A2-460E-BDA5-B982DF663384}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{E4795261-4093-4D0D-A7D8-FAD996C75232}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F97BCBE1-9E32-4A23-9246-A407040345A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FF0F30B3-6D9B-44C5-891C-65469582B7AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019174F0-83AF-4FBA-B886-36100CD5B9BF}" = protocol=6 | dir=out | app=system |
"{02F991A0-CDAE-4B50-A30F-D9E2B55B540E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13812D7F-5E71-42F9-BCFA-F5A3A4428625}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1D51CBE0-29A8-4ADA-8C8E-E9D20EF2FD1D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{24C8611E-8C74-4E2B-88D3-33856D6E6FAE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{313F9F26-955A-4524-AAA2-780CE1FA1C60}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{42FE50E6-8EC3-4F68-9B72-E6EA2FF491C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4781BD46-E218-4604-9EBE-596CE853BC16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B79522A-F218-4CA5-AF3F-0ECFB8324E35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4EE48196-DB19-4B1D-8040-BAB097FBD5A6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{51BE8163-BF4A-4409-9D93-B060D15D2B0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57F4D6B5-9CFC-416F-8558-84E1BDE5162E}" = protocol=58 | dir=in | [email protected],-28545 |
"{58911B18-E659-4670-BF2C-F78EFB91CABF}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{64C97718-E4CA-4258-9004-BB4C70BD687A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{69B94EA0-5BFD-4AAB-98D4-D85E78A34739}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6BC54CFA-5029-4EBE-9290-D437A9EB9BAC}" = protocol=1 | dir=in | [email protected],-28543 |
"{6C47E52B-80E2-4E1D-8DD1-2DC5B8A31E29}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{6F4D89D3-BA7D-43A9-BD0E-4C3692151A47}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7AF45FBD-FB94-4E73-B911-6D0E538D3BD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B835B99-FFBF-4A07-BAD3-A6311B056790}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8A34EBDC-CD2E-42CC-83B1-F7492A321CA6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{8AECA61B-5723-4A14-9110-4B4FC81D7FF0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8D73ACD4-EE42-4E77-A8AE-0081F16FEA86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{970613F8-5594-4360-840D-2F8C9102AF31}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A3F94045-9CD2-4F4E-A2D3-E58F075229F7}" = protocol=58 | dir=out | [email protected],-28546 |
"{A50286CF-1AF6-40B9-9CA8-0ADCF706626E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{B5221769-EA99-4391-9CFD-7400686A53D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B75447E3-4082-4A73-ADD2-8046B7F96676}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B7827F45-EDC9-4893-A7D7-854579C5F3AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC33D955-F653-40B5-BC93-32E21D1BB54C}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{BF63D7E6-B4BD-41FB-8E59-3A60EE8E67A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4C16805-B17D-4928-8ABD-11A2E8469B3A}" = protocol=1 | dir=out | [email protected],-28544 |
"{C517048E-FEB0-4FEC-B1FB-2E88F352ED72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C9ACDB6D-1FA0-4FD1-8C42-75E5836873BC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{CC0E402F-7054-4E12-B40D-906AAB1D20E7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{D4C0674C-DC40-4281-9432-D057DA93940A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D59D716F-5787-4494-B648-2601D84EC873}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D7CFE7B7-5493-4CFE-8B70-F1DF5F8B42BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9FDF8B4-B124-4F98-9187-F36521955E0A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1B5817F-2A8E-4289-9509-C674D65E0883}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8311BCC-330D-4622-A5E9-5FD6EAFAACA6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FA7DAB96-24B2-4597-A0BF-559CBCCC5953}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{2002E451-1D1E-47F1-B011-6D7B4DE88DFA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{36791E17-0315-461B-956C-1525B2E19C9F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{597FB036-2069-4452-AAB9-9F8C2CE1AAA2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{AF2FE167-B4D2-4FA8-B48B-76C92A1715BD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{E3C71D1D-02B0-477B-859E-8726728CDB1E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{24C0425B-B691-480F-A3AA-FC2D9A09106B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{25DD4348-E0BC-4514-BEB6-6CF7664DF0ED}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4B849EC1-FDD8-4A13-B125-014D3AF8F1CB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{BB6F5032-7916-4E74-A9A9-575910A7F749}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E8F80616-9814-4086-8891-DC9480730BCE}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BB716E0-1400-0210-0000-097DC2F354DF}" = Autodesk Revit Interoperability for Inventor 2014
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{266597A9-1864-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2014 (Client) English Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{31ABA3F2-0000-1033-0102-111D43815377}" = Autodesk ReCap
"{31ABA3F2-0010-1033-0102-111D43815377}" = Autodesk ReCap Language Pack-English
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360
"{530B8614-C5DE-475B-AF6F-71BED461552C}" = Eco Materials Adviser for Autodesk Inventor 2014 (64-bit)
"{5783F2D7-D028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2014
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{7F4DD591-1864-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2014
"{7F4DD591-1864-0001-1033-7107D70F3DB4}" = Autodesk Inventor Professional 2014 English Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B46DECD1-1864-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2014 (Desktop Content)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CF526A26-1864-0000-0000-02E95019B628}" = Autodesk Vault Basic 2014 (Client)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
"Autodesk Inventor Professional 2014" = Autodesk Inventor Professional 2014 - English
"Autodesk ReCap" = Autodesk ReCap
"Autodesk Revit Interoperability for Inventor 2014" = Autodesk Revit Interoperability for Inventor 2014
"Autodesk Vault Basic 2014 (Client)" = Autodesk Vault Basic 2014 (Client)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"DWG TrueView 2014" = Autodesk DWG TrueView 2014
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"LemurLeap" = LemurLeap 1.0.0
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03FEA4BD-863C-4E07-80EF-A101DD806029}" = John Deere Drive Green
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{3C9D2B2E-53A2-4098-B931-2621C5D9822B}" = Living Marine Aquarium 2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45E5D641-3C82-4F95-92FB-AE5459DF2988}" = HP User Guides 0146
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4734A746-A503-4B8E-A4FA-7B7C84A18D79}" = US Tech Support Framework
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5188D24B-9003-41B9-BC5D-7FEBA5C8F3AE}" = Dirt Track Racing 2
"{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
"{5C29CC1F-218F-4C30-948A-11066CAC59FB}" = Autodesk Material Library Low Resolution Image Library 2014
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A470330-70B2-49AD-86AF-79885EF9898A}" = FARO LS 1.1.501.0 (64bit)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4AAB3A7-C142-463A-867F-EBCB9FA07911}_is1" = QwiklinxForChrome
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin'
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Bus Driver" = Bus Driver 1.5
"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.5.10.0
"Dirt Track Racing - Sprint Cars" = Dirt Track Racing - Sprint Cars
"Euro Truck Simulator" = Euro Truck Simulator 1.3
"Google Chrome" = Google Chrome
"IECT3289663" = InternetHelper3.1 Toolbar for IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Lightspark" = Lightspark 0.5.3-git
"LyricsParty-15" = LyricsParty-15
"[email protected]" = LyricsShow
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PrivitizeVPN" = PrivitizeVPN
"Rigs of Rods 0.38.67" = Rigs of Rods 0.38.67
"SearchProtect" = Search Protect by conduit
"Wajam" = Wajam
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"WT083305" = Eighteen Wheels of Steel Extreme Trucker
"WT085444" = 1912 Titanic Mystery
"WTA-5258c3f9-9c98-40f1-940e-e59aa094b17f" = Big Rig Europe
"WTA-678505d4-aca9-465c-b0d8-538b92ef92d2" = Bridge Constructor
"WTA-92205714-15c8-4922-9f1e-d6ce43d92e11" = Bus Driver
"WTA-941d315c-acd0-48c8-94f4-31c9c6ded27d" = Eighteen Wheels of Steel: Extreme Trucker 2
"WTA-d5436819-d719-4da4-a2a0-bb6f88dc42bf" = 18 Wheels of Steel - American Long Haul
"WTA-e48160e1-c762-4302-b6ef-d3a8582d6ba9" = Hunting Unlimited 2011
"WTA-eca6fb69-dc9c-43b1-897a-7396cf36373c" = Military Life: Tank Simulator
"Yahoo Browser Settings" = Yahoo Browser Settings

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C1C3E833-420E-4D78-9BA7-86AEBB272384}" = TopArcadeHits
"Severe Weather Alerts" = Severe Weather Alerts
"WordOv" = WordOv

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2012 12:37:08 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 4/5/2012 12:37:08 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 4/5/2012 8:07:12 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/5/2012 8:12:15 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 4/5/2012 8:12:15 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 4/5/2012 10:43:23 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/5/2012 10:48:57 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 4/5/2012 10:52:39 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 4/5/2012 10:52:39 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 4/5/2012 11:19:14 PM | Computer Name = TAYLOR-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 6/20/2012 8:09:52 PM | Computer Name = TAYLOR-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/14/2012 9:36:14 AM | Computer Name = TAYLOR-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 7/14/2012 10:02:27 PM | Computer Name = TAYLOR-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2012 8:16:06 PM | Computer Name = TAYLOR-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 10/28/2012 2:37:07 PM | Computer Name = TAYLOR-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 11/6/2012 7:51:48 PM | Computer Name = TAYLOR-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 11/18/2012 5:53:31 PM | Computer Name = TAYLOR-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 11/23/2012 8:41:06 AM | Computer Name = TAYLOR-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 11/27/2012 7:01:44 PM | Computer Name = TAYLOR-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3998 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 11/29/2012 12:04:54 AM | Computer Name = TAYLOR-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3998
Ram
Utilization: 50 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


[ System Events ]
Error - 10/14/2013 4:36:23 PM | Computer Name = Logan-Laptop | Source = DCOM | ID = 10016
Description =

Error - 10/14/2013 7:19:29 PM | Computer Name = Logan-Laptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinHttpAutoProxySvc service.

Error - 10/14/2013 7:19:59 PM | Computer Name = Logan-Laptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HP Support Assistant Service service.

Error - 10/14/2013 9:02:13 PM | Computer Name = Logan-Laptop | Source = DCOM | ID = 10016
Description =

Error - 10/14/2013 10:25:05 PM | Computer Name = Logan-Laptop | Source = DCOM | ID = 10016
Description =

Error - 10/15/2013 3:05:05 AM | Computer Name = Logan-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800b0100: Security Update for Microsoft .NET Framework 3.5.1 on Windows
7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599).

Error - 10/15/2013 8:22:33 AM | Computer Name = Logan-Laptop | Source = Service Control Manager | ID = 7034
Description = The WajamUpdater service terminated unexpectedly. It has done this
1 time(s).

Error - 10/15/2013 10:20:58 AM | Computer Name = Logan-Laptop | Source = DCOM | ID = 10016
Description =

Error - 10/15/2013 11:30:35 AM | Computer Name = Logan-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800b0100: Security Update for Microsoft .NET Framework 3.5.1 on Windows
7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599).

Error - 10/15/2013 1:53:29 PM | Computer Name = Logan-Laptop | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

Advertisements


#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:

  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#3
CooKooByrd

CooKooByrd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank You for your time. I have run Malwarebytes , ComboFix and Microsoft Essentials since my last post. Seems I have a problem with PrivitizeVPN


new OLT scan today


OTL logfile created on: 10/16/2013 12:40:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TAYLOR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 55.58% Memory free
7.81 Gb Paging File | 5.74 Gb Available in Paging File | 73.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.08 Gb Total Space | 190.15 Gb Free Space | 67.41% Space Free | Partition Type: NTFS
Drive D: | 15.82 Gb Total Space | 2.59 Gb Free Space | 16.38% Space Free | Partition Type: NTFS
Drive E: | 658.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LOGAN-LAPTOP | User Name: TAYLOR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/15 15:58:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TAYLOR\Downloads\OTL.exe
PRC - [2013/10/03 02:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/12 07:53:42 | 000,736,648 | ---- | M] (US Tech Support LLC) -- C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
PRC - [2009/07/23 23:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 14:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/14 16:58:20 | 013,584,776 | ---- | M] () -- C:\Users\TAYLOR\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/07/23 14:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/15 02:04:01 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/25 15:40:04 | 000,952,608 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe -- (mitsijm2014)
SRV:64bit: - [2011/05/13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/14 16:45:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/12 07:53:42 | 000,736,648 | ---- | M] (US Tech Support LLC) [Auto | Running] -- C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe -- (USTSScheduler)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/21 16:05:16 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/23 15:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/28 15:11:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/12/28 15:11:05 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/22 23:03:54 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/21 18:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 18:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/12 22:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {32FFA210-F5D7-4372-A473-53E7C3F68BE2}
IE:64bit: - HKLM\..\SearchScopes\{32FFA210-F5D7-4372-A473-53E7C3F68BE2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{362748E6-961E-41FA-B443-81E5EFD75453}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {968762D8-C94F-48B8-943B-64D88D6FB5E2}
IE - HKLM\..\SearchScopes\{32FFA210-F5D7-4372-A473-53E7C3F68BE2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{362748E6-961E-41FA-B443-81E5EFD75453}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...7A-05559EDEA026
IE - HKCU\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {968762D8-C94F-48B8-943B-64D88D6FB5E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000c60767ff62d
IE - HKCU\..\SearchScopes\{1062E5DD-7F49-4680-B4F7-36BF634D1168}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
IE - HKCU\..\SearchScopes\{32FFA210-F5D7-4372-A473-53E7C3F68BE2}: "URL" = http://www.bing.com/...E10SR&pc=HPNTDF
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....Terms}&ei=UTF-8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
IE - HKCU\..\SearchScopes\{7523B457-7A28-4954-9617-D6176C0E16C7}: "URL" = http://websearch.ask...F0-E5A850FFAE57
IE - HKCU\..\SearchScopes\{968762D8-C94F-48B8-943B-64D88D6FB5E2}: "URL" = http://search.condui...9041381176&UM=2
IE - HKCU\..\SearchScopes\{C4859167-8826-44AA-8284-3C5007CFB23E}: "URL" = http://mp3tubetoolba...ede2986b0e495c9
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/28 15:27:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/28 15:27:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

[2009/12/26 15:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Extensions
[2013/10/16 10:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions
[2013/08/21 22:43:45 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2009/12/26 15:20:32 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/07/13 17:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\{5806fa2d-e338-4a24-a20c-5da56ba3b2ad}
[2012/10/16 20:09:23 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/03/03 17:11:47 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
[2013/02/24 23:23:11 | 000,000,000 | ---D | M] ("Deals Plugin Extension") -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
[2011/03/11 18:52:25 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
[2013/10/15 08:22:42 | 000,000,000 | ---D | M] (WordOv) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
[2011/12/16 15:30:05 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
[2012/07/13 17:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
[2011/03/12 00:08:23 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
[2012/11/25 16:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
[2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\chrome
[2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\defaults
[2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\locale
[2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\skin
[2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\chrome\content\extensionCode
[2012/10/17 23:05:50 | 000,002,333 | ---- | M] () -- C:\Users\TAYLOR\AppData\Roaming\mozilla\firefox\profiles\4s6fnx9g.default\searchplugins\askcom.xml
[2012/07/13 17:07:45 | 000,009,889 | ---- | M] () -- C:\Users\TAYLOR\AppData\Roaming\mozilla\firefox\profiles\4s6fnx9g.default\searchplugins\mywebsearch.xml
[2013/10/15 08:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/27 21:52:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/22 14:50:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/24 16:52:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/03/10 15:09:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2013/10/15 08:22:40 | 000,000,000 | ---D | M] (WordOv) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/03/10 15:09:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/03 17:13:59 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/03/10 12:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\scenicreflectionstb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\TAYLOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\TAYLOR\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: uTorrentControl_v2 = C:\Users\TAYLOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.5.0.1_0\
CHR - Extension: AdBlock = C:\Users\TAYLOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: WordOv = C:\Users\TAYLOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\TAYLOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/10/16 11:48:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper3.1 Toolbar) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKCU..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_bpfboklmeiefoedekjeigdcnfbpjeaii] C:\Program Files (x86)\Conduit\CT3298580\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim] C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6203DDC3-F553-4CB6-9E6C-96FF495D871F}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/14 23:49:12 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2002/07/05 10:10:52 | 000,000,041 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/16 12:01:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/16 12:00:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/16 11:35:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/16 11:35:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/16 11:35:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/16 11:32:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/16 11:32:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/16 10:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/16 10:56:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/15 14:23:58 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Roaming\SparkTrust
[2013/10/15 14:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/10/15 11:07:40 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\Desktop\Tetrix_Kit_FTC
[2013/10/15 11:07:29 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\Desktop\Lego_Mindstorm_Kit_FTC
[2013/10/15 09:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/10/15 08:22:52 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordOv
[2013/10/15 08:22:33 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Local\SwvUpdater
[2013/10/15 08:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
[2013/10/15 08:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lightspark 0.5.3-git
[2013/10/15 07:09:57 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Local\Autodesk,_Inc
[2013/10/15 07:06:47 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Local\Granta Design
[2013/10/15 07:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/10/15 03:07:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/15 03:07:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/15 03:07:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/15 03:07:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/15 03:07:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/15 03:07:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/15 03:07:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/15 03:07:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/15 03:07:49 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/15 03:07:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/15 03:07:49 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/15 03:07:45 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/15 03:07:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/15 03:07:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/15 03:07:43 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/15 02:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FARO
[2013/10/15 02:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013/10/15 02:06:59 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\Documents\Inventor
[2013/10/15 02:04:47 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\Documents\Autodesk
[2013/10/15 02:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013/10/15 00:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2013/10/15 00:16:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk
[2013/10/15 00:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DWG TrueView 2014
[2013/10/15 00:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2013/10/15 00:15:20 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Local\Autodesk
[2013/10/15 00:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013/10/15 00:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013/10/15 00:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2013/10/14 23:59:27 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Roaming\Autodesk
[2013/10/14 23:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2013/10/14 23:47:05 | 000,000,000 | ---D | C] -- C:\Autodesk
[2013/10/14 16:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper3.1
[2013/10/14 15:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/14 15:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/10/14 15:04:29 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Roaming\SearchProtect
[2013/10/14 15:03:21 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/14 15:03:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/10/14 14:39:15 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/14 14:39:14 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/14 14:39:14 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/14 14:39:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/14 14:39:14 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/14 14:39:14 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/14 14:39:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/14 14:39:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/14 14:39:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/14 14:39:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/14 14:39:11 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/14 14:39:10 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/14 14:39:01 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/14 14:39:00 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/14 14:39:00 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/14 14:39:00 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/14 14:38:59 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/14 14:38:59 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/14 14:38:59 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/14 14:38:58 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/14 14:38:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/14 14:38:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/14 14:38:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/14 14:38:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/14 14:38:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/14 14:38:44 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/14 14:38:44 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/14 14:33:53 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/14 14:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/14 14:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/14 14:14:04 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/14 14:13:48 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/14 14:13:48 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/14 14:13:48 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/14 14:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/24 21:33:44 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/24 21:33:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/24 21:33:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/24 21:33:37 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/24 21:33:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/24 21:33:36 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/24 21:33:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/24 21:33:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/24 21:33:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/24 21:33:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/24 21:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/24 21:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/24 21:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/24 21:33:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/24 21:33:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/24 21:33:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/24 21:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/24 21:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/24 21:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/24 21:33:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/24 21:33:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/24 21:33:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/24 21:33:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/24 21:33:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/24 21:33:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/24 21:33:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/24 21:33:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/24 21:33:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/24 21:33:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/24 21:33:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/24 21:33:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/24 21:33:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/24 21:33:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/24 21:33:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/24 21:33:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/24 21:33:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/24 21:33:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/24 21:33:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/24 21:33:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/24 21:33:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/24 21:33:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/24 21:33:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/24 21:32:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/16 12:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/16 12:10:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 12:10:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 12:03:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/16 12:03:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/16 12:03:10 | 3144,908,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 11:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/16 11:48:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/16 10:56:47 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/16 10:28:44 | 000,003,660 | ---- | M] () -- C:\Users\TAYLOR\Documents\cc_20131016_102837.reg
[2013/10/16 02:02:48 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/15 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2013/10/15 03:34:50 | 002,270,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/15 03:34:50 | 000,682,688 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/15 03:34:50 | 000,006,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/15 03:27:42 | 000,540,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/15 02:18:05 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk
[2013/10/15 02:16:52 | 000,001,223 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
[2013/10/15 00:28:03 | 000,002,225 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
[2013/10/15 00:20:27 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2013/10/15 00:19:31 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
[2013/10/15 00:17:30 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\DWG TrueView 2014.lnk
[2013/10/14 16:45:57 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/14 16:45:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/14 14:13:41 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/14 14:13:38 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/14 14:13:37 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/14 14:13:35 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/14 14:13:34 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/10/14 14:13:34 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/10/14 14:11:58 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTAYLOR.job
[2013/09/24 21:15:59 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2013/09/22 19:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/22 19:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/22 19:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/22 19:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/22 19:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/22 18:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/22 18:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/22 18:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/22 18:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/22 18:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/22 18:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/22 18:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/22 18:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/20 22:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/20 22:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/16 11:35:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/16 11:35:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/16 11:35:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/16 11:35:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/16 11:35:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/16 10:56:47 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/16 10:28:41 | 000,003,660 | ---- | C] () -- C:\Users\TAYLOR\Documents\cc_20131016_102837.reg
[2013/10/15 02:18:05 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk
[2013/10/15 02:16:52 | 000,001,223 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Vault Basic 2014.lnk
[2013/10/15 00:28:03 | 000,002,225 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2014.lnk
[2013/10/15 00:20:27 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2013/10/15 00:19:31 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
[2013/10/15 00:17:30 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\DWG TrueView 2014.lnk
[2013/10/14 15:03:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/16 20:08:54 | 000,000,258 | RHS- | C] () -- C:\Users\TAYLOR\ntuser.pol
[2012/07/15 13:43:50 | 000,000,017 | ---- | C] () -- C:\Users\TAYLOR\AppData\Local\resmon.resmoncfg
[2012/07/04 22:32:17 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/08/07 03:36:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\5ae646d8fc66840fee5163bc04b45cdd_c
[2011/04/18 20:42:38 | 000,000,000 | ---- | C] () -- C:\Users\TAYLOR\AppData\Roaming\wklnhst.dat
[2011/03/29 17:16:02 | 000,000,022 | -HS- | C] () -- C:\Users\TAYLOR\AppData\Roaming\Sys6925.Config Collection.sys

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:07F6D9E4

< End of report >
  • 0

#4
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi CooKooByrd,

Thank You for your time. I have run Malwarebytes , ComboFix and Microsoft Essentials since my last post. Seems I have a problem with PrivitizeVPN

In the future, I suggest not running ComboFix without the supervision of a helper. It is a very powerful tool and is quite capable of rendering your machine unbootable. Anyway, I would like to request for the log it produced. Could you post C:\ComboFix.txt alongside with the ones I am going to ask for below? :)

  • Step 1
After examining your logs, I have seen that you currently have one or more P2P Programs installed. I would recommend their removal as the networks these programs are involved in are breeding places for malware. The things you are downloading are not one hundred percent safe as they can be uploaded by anyone on the Internet, some possibly aiding in the propagation of malware.

More can be read from the following sources:

You are advised to remove the following programs by uninstalling them:

  • µTorrent
Note: This step is optional. You may or may not remove the programs, however I strongly suggest getting rid or disabling them before we continue with the process.
  • Step 2
Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

    Posted Image

  • Copy and paste the following into the Custom Scans/Fixes box:

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{32FFA210-F5D7-4372-A473-53E7C3F68BE2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{362748E6-961E-41FA-B443-81E5EFD75453}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    E - HKLM\..\SearchScopes\{32FFA210-F5D7-4372-A473-53E7C3F68BE2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKLM\..\SearchScopes\{362748E6-961E-41FA-B443-81E5EFD75453}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...7A-05559EDEA026
    IE - HKCU\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    E - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000c60767ff62d
    IE - HKCU\..\SearchScopes\{1062E5DD-7F49-4680-B4F7-36BF634D1168}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
    IE - HKCU\..\SearchScopes\{32FFA210-F5D7-4372-A473-53E7C3F68BE2}: "URL" = http://www.bing.com/...E10SR&pc=HPNTDF
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....Terms}&ei=UTF-8
    IE - HKCU\..\SearchScopes\{7523B457-7A28-4954-9617-D6176C0E16C7}: "URL" = http://websearch.ask...F0-E5A850FFAE57
    IE - HKCU\..\SearchScopes\{968762D8-C94F-48B8-943B-64D88D6FB5E2}: "URL" = http://search.condui...9041381176&UM=2
    IE - HKCU\..\SearchScopes\{C4859167-8826-44AA-8284-3C5007CFB23E}: "URL" = http://mp3tubetoolba...ede2986b0e495c9
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    [2013/08/21 22:43:45 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
    [2009/12/26 15:20:32 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2012/07/13 17:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\{5806fa2d-e338-4a24-a20c-5da56ba3b2ad}
    [2012/03/03 17:11:47 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
    [2013/02/24 23:23:11 | 000,000,000 | ---D | M] ("Deals Plugin Extension") -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
    [2011/03/11 18:52:25 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
    [2013/10/15 08:22:42 | 000,000,000 | ---D | M] (WordOv) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
    [2011/12/16 15:30:05 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
    [2012/07/13 17:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
    [2011/03/12 00:08:23 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
    [2012/11/25 16:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]
    [2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\chrome
    [2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\defaults
    [2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\locale
    [2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\skin
    [2013/02/24 23:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TAYLOR\AppData\Roaming\mozilla\Firefox\Profiles\4s6fnx9g.default\extensions\[email protected]\chrome\content\extensionCode
    [2012/10/17 23:05:50 | 000,002,333 | ---- | M] () -- C:\Users\TAYLOR\AppData\Roaming\mozilla\firefox\profiles\4s6fnx9g.default\searchplugins\askcom.xml
    [2012/07/13 17:07:45 | 000,009,889 | ---- | M] () -- C:\Users\TAYLOR\AppData\Roaming\mozilla\firefox\profiles\4s6fnx9g.default\searchplugins\mywebsearch.xml
    [2013/10/15 08:22:40 | 000,000,000 | ---D | M] (WordOv) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    [2012/03/03 17:13:59 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2011/03/10 12:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\scenicreflectionstb.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper3.1 Toolbar) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
    O4 - HKCU..\Run: [ConduitFloatingPlugin_bpfboklmeiefoedekjeigdcnfbpjeaii] C:\Program Files (x86)\Conduit\CT3298580\plugins\TBVerifier.dll (Conduit Ltd.)
    O4 - HKCU..\Run: [ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim] C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll (Conduit Ltd.)
    [2013/10/15 14:23:58 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Roaming\SparkTrust
    [2013/10/15 14:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
    [2013/10/15 08:22:52 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordOv
    [2013/10/15 08:22:33 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Local\SwvUpdater
    [2013/10/14 16:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper3.1
    [2013/10/14 15:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
    [2013/10/14 15:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [2013/10/14 15:04:29 | 000,000,000 | ---D | C] -- C:\Users\TAYLOR\AppData\Roaming\SearchProtect
    [2013/10/15 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2011/08/07 03:36:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\5ae646d8fc66840fee5163bc04b45cdd_c
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:07F6D9E4
    
    :Files
    C:\Users\TAYLOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll
    C:\Users\TAYLOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
    C:\Program Files (x86)\PrivitizeVPN
    C:\Program Files (x86)\Conduit
    
    :Commands
    [emptytemp]
  • Click Run Fix.
  • OTL will reboot your system. Allow it by clicking OK.
  • After a the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
  • Copy and paste (CTRL + A and CTRL + C) the content of that log in your next reply.
  • Step 3
Download 'Junkware Removal Tool by thisisu' and save it to your desktop.

  • Ensure all programs and windows are closed before proceeding.
  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • A black window will appear. Press any key to continue.
  • Wait for it to finish. It won't take long.
  • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 4
Download 'AdwCleaner by Xplode' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Click Scan and choose Clean after.
  • Wait for it to finish. It won't take long.
  • Click OK for the next prompts. Your system will automatically reboot.
  • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the log back here.
  • Step 5
If you haven't already, download 'OTL by OldTimer' and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Ensure that the following settings are followed. Make sure all other windows are closed and let it run uninterrupted.

    Posted Image

  • Click Run Scan.
  • After a short while, two Notepad windows will appear, named OTL.txt and Extras.txt. Alternatively, you can also find these at your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.
  • Logs to Post
In summary of the above, I will need you to post the following log(s):

  • MMDDYYYY_HHMMSS.log (OTL)
  • AdwCleaner[S*].txt (AdwCleaner)
  • ComboFix.txt (ComboFix)
  • JRT.txt (Junkware Removal Tool)
  • Extras.txt (OTL)
  • OTL.txt (OTL)

  • 0

#5
CooKooByrd

CooKooByrd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks for your time BUT the blue screen of death came up 3 times so I decided to start over with a clean reboot. Sorry about taking up your time
but it is much appreciated. Sorry Again , THANX, Jay
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP