Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan horse dropper.generic8


  • Please log in to reply

#1
galgancl

galgancl

    New Member

  • Member
  • Pip
  • 5 posts
I have a windows 7 64 bit Dell laptop. Over the past week or so my AVG antivirus software has been detecting a problem called trojan horse dropper.generic8 and trojan horse dropper.generic7. I click remove all and AVG says it's deleted. I then run 2-3 full scans and it says there's no problems. Then a couple days later the trojan horse will come back again. I take it that AVG is not actually removing it. How do I remove this virus?


I got 2 notepad files so here are both:

OTL logfile created on: 11/8/2013 3:43:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carrie\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 31.31% Memory free
7.80 Gb Paging File | 5.36 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 365.66 Gb Free Space | 78.52% Space Free | Partition Type: NTFS

Computer Name: CARRIE-PC | User Name: Carrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/11/08 15:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carrie\Desktop\OTL.exe
PRC - [2013/10/07 18:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Carrie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/07 21:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2012/06/05 22:56:56 | 000,169,192 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
PRC - [2012/06/05 13:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2012/06/05 13:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2012/06/05 12:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2012/05/31 15:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2012/05/29 17:07:20 | 000,659,648 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
PRC - [2012/05/22 22:50:12 | 000,051,360 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2012/05/22 08:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2012/05/22 08:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
PRC - [2011/05/06 14:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2010/12/15 09:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 11:46:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 11:45:55 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/09 11:45:39 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/13 08:09:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/17 13:22:18 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll
MOD - [2013/08/17 13:15:13 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/17 13:14:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/17 13:14:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/10 10:31:11 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll
MOD - [2013/07/10 08:10:49 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Carrie\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/02/28 18:08:20 | 012,637,136 | ---- | M] () -- C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
MOD - [2013/02/28 18:08:20 | 000,459,728 | ---- | M] () -- C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppgooglenaclpluginchrome.dll
MOD - [2013/02/28 18:08:18 | 004,050,896 | ---- | M] () -- C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
MOD - [2013/02/28 18:07:26 | 000,596,944 | ---- | M] () -- C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll
MOD - [2013/02/28 18:07:26 | 000,124,368 | ---- | M] () -- C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll
MOD - [2013/02/28 18:07:22 | 001,552,848 | ---- | M] () -- C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Carrie\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/05/29 17:07:20 | 001,958,560 | ---- | M] () -- C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
MOD - [2012/01/26 09:36:18 | 000,278,528 | R--- | M] () -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/15 09:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/22 08:38:20 | 000,076,488 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64)
SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/07 18:43:40 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/08 22:47:06 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 21:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2012/06/05 22:56:56 | 000,169,192 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2012/06/05 13:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2012/06/05 13:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2012/06/05 12:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2012/05/31 15:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2012/05/22 22:50:12 | 000,051,360 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2012/05/22 08:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2012/05/22 08:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2012/05/18 12:25:58 | 000,139,488 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
SRV - [2011/05/06 14:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/02 09:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/08 10:51:24 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/25 20:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/09/08 21:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/02 09:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 09:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 09:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 09:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 21:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/09 23:05:00 | 000,088,576 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cymfltr.sys -- (cymfltrService)
DRV:64bit: - [2012/03/09 23:05:00 | 000,014,336 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cykbfltr.sys -- (cykbfltrService)
DRV:64bit: - [2012/03/09 23:04:58 | 000,125,440 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cyhid.sys -- (cyhid)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/07 05:49:38 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/01/05 20:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/01/04 12:31:16 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/01/03 13:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/17 00:39:10 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/13 08:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/07 18:43:40 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 07:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/08/20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol...3_9126&tsp=4941
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.golsearch...3_9126&tsp=4941
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}:1.25
FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.6.1123.78
FF - prefs.js..extensions.enabledAddons: [email protected]:14.2.0.1
FF - prefs.js..browser.startup.homepage:


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carrie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)


[2011/09/06 08:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Extensions
[2013/07/12 13:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\extensions
[2013/07/12 13:13:27 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\extensions\[email protected]
[2012/06/14 10:20:22 | 000,036,333 | ---- | M] () (No name found) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/09/10 21:38:26 | 000,002,212 | ---- | M] () -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\searchplugins\BabylonMngr.xml
[2013/07/12 13:13:30 | 000,001,294 | ---- | M] () -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\searchplugins\delta.xml
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.6.1123.78\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Carrie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Carrie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Carrie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement Web App = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Bejeweled = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: YouTube = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Digital Clock CE-7 = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceppoilemjnhfdbkekhcnagmfnhokjgm\1.2_0\
CHR - Extension: Google Search = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Calculator = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja\3.5.2_0\
CHR - Extension: Google Calendar = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: Digital Clock = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: AdBlock = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0\
CHR - Extension: Awesome Weather Widget [ANTP] = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc\2013.105.3.0_0\
CHR - Extension: My Browser Page = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0\
CHR - Extension: Poppit = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Awesome New Tab Page = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.122.3.1_0\
CHR - Extension: Quick Note = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.0_0\
CHR - Extension: Gmail = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NI Update Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Carrie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.153.5.248 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94D528B1-0E97-4BAF-B78A-874D6C0C897A}: DhcpNameServer = 128.153.5.248 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll) - c:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll) - c:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{663468f6-c199-11e2-aedc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{663468f6-c199-11e2-aedc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O33 - MountPoints2\{8551c57e-c185-11e2-ae36-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8551c57e-c185-11e2-ae36-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/08 15:43:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carrie\Desktop\OTL.exe
[2013/11/07 13:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/07 13:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/07 13:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/07 13:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/07 13:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/27 16:51:33 | 000,000,000 | ---D | C] -- C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013/10/22 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Carrie\AppData\Roaming\YourFileDownloader
[2013/10/11 21:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2013/11/08 15:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carrie\Desktop\OTL.exe
[2013/11/08 15:36:13 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA.job
[2013/11/08 15:17:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/08 14:42:57 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 14:42:57 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/08 14:40:47 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/08 14:40:47 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/08 14:40:47 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/08 14:35:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/08 14:35:32 | 3140,169,728 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/08 00:36:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core.job
[2013/11/07 13:32:56 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/22 22:42:47 | 000,000,000 | ---- | M] () -- C:\END

========== Files Created - No Company Name ==========

[2013/11/07 13:32:56 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/22 14:21:39 | 000,000,000 | ---- | C] () -- C:\END
[2013/07/15 15:50:42 | 000,143,058 | ---- | C] () -- C:\Windows\hpwins28.dat
[2013/07/15 15:50:42 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2013/05/22 21:54:52 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/21 15:28:56 | 000,145,734 | ---- | C] () -- C:\Users\Carrie\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist
[2013/05/21 15:28:56 | 000,000,491 | ---- | C] () -- C:\Users\Carrie\AppData\Roaming\com.kennettnet.MusicRescue4.plist
[2013/05/21 15:24:57 | 000,009,728 | ---- | C] () -- C:\Users\Carrie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/21 15:24:37 | 000,196,384 | ---- | C] () -- C:\Users\Carrie\7.jpg
[2013/05/21 15:24:37 | 000,123,626 | ---- | C] () -- C:\Users\Carrie\1.jpg
[2013/05/21 15:24:37 | 000,113,443 | ---- | C] () -- C:\Users\Carrie\6.jpg
[2013/05/21 15:24:37 | 000,100,824 | ---- | C] () -- C:\Users\Carrie\19.jpg
[2013/05/21 15:24:37 | 000,090,172 | ---- | C] () -- C:\Users\Carrie\5.jpg
[2013/05/21 15:06:01 | 000,199,313 | ---- | C] () -- C:\Users\Carrie\29.jpg
[2013/05/21 15:06:01 | 000,180,290 | ---- | C] () -- C:\Users\Carrie\24.jpg
[2013/05/21 15:06:01 | 000,091,749 | ---- | C] () -- C:\Users\Carrie\20.jpg
[2013/05/21 15:06:01 | 000,090,223 | ---- | C] () -- C:\Users\Carrie\38.jpg
[2013/05/21 15:06:01 | 000,085,585 | ---- | C] () -- C:\Users\Carrie\28.jpg
[2013/05/21 15:06:01 | 000,077,340 | ---- | C] () -- C:\Users\Carrie\32.jpg
[2013/05/21 15:06:01 | 000,049,743 | ---- | C] () -- C:\Users\Carrie\23.jpg
[2013/05/20 15:13:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2013/05/20 15:13:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013/05/20 14:33:52 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/05/20 14:33:51 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/05/20 14:33:49 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/05/23 13:50:42 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/22 17:28:28 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Autodesk
[2013/09/19 13:00:13 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\AVG2014
[2013/07/12 13:05:33 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\BabSolution
[2012/08/08 18:18:50 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Babylon
[2013/10/22 19:13:04 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Betcat
[2013/05/22 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\cypress
[2013/07/12 13:13:24 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Delta
[2013/11/08 14:43:42 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Dropbox
[2013/07/12 13:13:26 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\ExpressFiles
[2013/09/21 20:32:17 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\File Scout
[2013/07/12 13:05:18 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\GoforFiles
[2012/01/18 17:43:06 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Octoshape
[2013/05/21 15:28:59 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\ooVoo Details
[2011/07/25 13:58:24 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Opera
[2013/06/03 21:48:28 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\PCDr
[2013/05/21 15:05:50 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\TeraCopy
[2013/05/24 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\tmp
[2013/05/21 14:35:56 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\TuneUp Software
[2013/10/22 14:22:29 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



< End of report >


EXTRAS:

OTL Extras logfile created on: 11/8/2013 3:43:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carrie\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 31.31% Memory free
7.80 Gb Paging File | 5.36 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 365.66 Gb Free Space | 78.52% Space Free | Partition Type: NTFS

Computer Name: CARRIE-PC | User Name: Carrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Carrie\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Carrie\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8B1B5056-C179-40BB-9519-6BE35C758D8C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A861677F-177D-45E9-929D-04AC30084BE0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = lport=3580-3581 | protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = lport=3580-3581 | protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B6EB940-0BF5-4A23-8191-D03ACE0D1DB3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{12A7236C-0039-462D-BFF4-0DC420220C55}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{146FAA58-20C4-494A-AB8E-05A8176A3F69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{1ADF2BDC-1653-426A-B8B4-A8F23AD96346}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1DD96EFD-647F-427A-83CD-A669A0A3EE87}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{22EC3136-CADE-4416-9D77-F40268D55AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe |
"{247E53F1-4AFA-47AE-BBB0-A7C855E802FB}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{250CEA21-144B-4795-89F1-2722BC8E6B66}" = dir=in | app=c:\users\carrie\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{255782D5-BA21-420B-BB1E-D37C7B958143}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{330116C7-7FD3-415C-94DD-297828E8CFE3}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{34433C35-DBFC-4A67-BE20-EF8E0CEF597A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe |
"{3E45F281-491C-4EF3-8E36-DD942780AD81}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{402DA793-2400-44D5-98E1-0E2494BA99FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{41E6BBD2-C572-453F-8705-64B779A2FA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{4CDAB9C4-7D86-4E7C-AB63-EA6DACE181D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4EF68BDE-0739-4F8B-B36E-4B89188E6987}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{60969B7E-3E41-479E-829A-E44AC06D942F}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{68489F1F-464B-4F31-8F71-53427789E853}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{6DC1D14B-95AF-400B-994B-0F598C8056B9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6FEC3937-D22E-4520-8093-7F3102B4C836}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{700B1453-0A88-406A-8558-E59666992B4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70C4E51F-ED71-4F0A-929E-79EB3CD82098}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{7A56CBF1-4136-44B7-827C-F65F6B9F119A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{84EA22E5-3C81-4F6C-9E98-40A99889EBF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9AD99CE9-01F2-4BA7-B2AD-34AF084A669F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A3B3CB85-26AA-4C74-A138-E5A4407E0DFB}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{A40D82E9-DE48-4B41-BA0B-532133ED7F1B}" = dir=in | app=c:\users\carrie\appdata\local\temp\hp\oj4500vg510n-z_basic_13_en\setup\hpznui40.exe |
"{A91E0BA0-B835-40F1-A413-76E9621F0780}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{AC8BE84D-B6DC-4339-8100-F1937316BB21}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{AD64CCC9-C3E1-4DF1-B07E-A6512D06FF6F}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{B4015A2B-03AA-45CD-AB7F-82A4429B84E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{C7684F40-6ABA-42E9-943F-FB06564420FC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CDC28A86-F54C-4B8E-A3EB-87337374E223}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{CEA569B9-0E4E-4B48-8332-85F1EA69FDF8}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{D6599B12-A178-48B5-884A-3CAF45F5274D}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{E47E2283-1F73-483A-91F9-4D2030A70B5C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{E601A24C-B4B0-4459-A8CF-D2522F6D2599}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{EF0C3BAC-2FDD-4399-9578-6C247FD24184}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{FD99EEAE-C651-4802-A52D-C10CC91C3090}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000A570E-F926-4808-956C-A57EE91B75F6}" = NI TDM Streaming 2.4 (64-bit)
"{00606A59-716C-484A-AE64-5F7E3F23B3BD}" = NI GMP Windows 64-bit Installer 12.0.0
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{07E00E94-7A78-40FA-9BEF-71C190E98041}" = NI VC2008MSMs x64
"{0C2486A3-EF0D-4C6C-9947-C63D6E8C6E4C}" = NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
"{0EA4894B-C99B-48E4-976A-94B55CB89239}" = NI MXS 5.3.0 for 64 Bit Windows
"{176468CE-41AB-4A9A-AC38-45A146D39688}" = NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
"{197B80EB-D791-4DA4-9398-B5F029738E22}" = NI System State Publisher (64-bit)
"{1D005A51-8EA5-42F8-B37B-FD30FEEF0D04}" = AVG 2014
"{1E0A5B20-9D36-4861-BEF8-9B9B4C278218}" = NI TDM Excel Add-In 3.4 64-bit
"{20F3F8E0-7CCF-4A4E-A23C-58B188E87F4F}" = NI System Configuration Runtime 5.3.0 for Windows 64-bit
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{25DECAB0-6580-4B9C-8174-5AC6C9E2D823}" = NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
"{28324488-BF50-488F-BE40-6ED3CFA40C26}" = NI Variable Engine (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{32C65538-80DA-41C9-B990-EED4D260B50F}" = NI System API Windows 64-bit 5.3.0
"{3F7CDE88-3B1B-42C1-ACDF-05720E0B04BB}" = NI Web Application Server 12.0 (64-bit)
"{41B541B6-3518-4343-8A67-46FF9A4AA1A3}" = NI USI 2.0.0 64-Bit
"{45A790D5-C7EB-4BE0-B71A-10C550844AF6}" = NI Portable Configuration for 64 Bit Windows 5.3.0
"{46EF0477-FBC0-47D4-B9B6-81DB345C18E9}" = NI Network Discovery 5.3 for Windows 64-bit
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel® PROSet/Wireless WiFi Software
"{4DD08E99-6FC1-4188-9A2E-0AF968279E41}" = NI mDNS Responder 2.1 for Windows 64-bit
"{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI Xerces Delay Load 2.7.3 64-bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{58A9B4F6-2E67-464A-9F71-95F6D7159702}" = NI Math Kernel Libraries (64-bit)
"{5A59ABAE-5F06-4241-B607-6376C29F9F31}" = NI Logos64 XT Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{774510C7-E6AC-4ECB-ACEF-D5284FED4D0A}" = NI-RPC 4.3.0f0 for 64 Bit Windows
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{824088E6-2B7A-4CD3-9835-D2AE8BB55EBF}" = NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5
"{86F88524-6AF8-4D10-9F3C-AFB0DA2A3F39}" = NI ActiveX Container (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8CF8CB9F-1FF7-4029-8B3D-9A40100B4A09}" = NI Logos 5.4 (64-bit)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9C10623C-BF56-4D66-8F1F-B2D667E44986}" = NI System Web Server Base 12.0.0 (64-bit)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A7DE0CB6-DE87-4065-9596-5A1E9FED3297}" = NI Assistant Framework 64-bit
"{ACA45A9D-5C68-429F-AE87-0F2917136FCC}" = NI SSL Support (64-bit)
"{AFC5A844-CA3A-4566-89E7-3E24E6AFF9A3}" = NI VC2010SP1MSMs x64
"{AFE7987B-E282-42CE-AD5A-E333BE31E204}" = NI Curl 12.0.0 (64-bit)
"{B618335B-11D2-4780-B5CE-AA2D111DB693}" = NI Authentication 12.0.0 (64-bit)
"{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit)
"{B9293F41-3CB1-4E86-9523-010F8ACB782D}" = NI Xalan Delay Load 1.10.2 64-bit
"{BD432073-6A5D-4F0F-8952-43B3C21A31C3}" = NI Trace Engine (64-bit)
"{BE2DC247-C185-4EC2-840F-484B46AA1B0E}" = NI MAX Remote Configuration 64-bit Installer 5.3
"{C3D647DC-7317-41F3-A8DB-CC6B98239C6E}" = NI MAX Support for 64 Bit Windows
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{D754C95D-A80F-471C-819B-EEEDD07C9B0A}" = NI-Mesa
"{DABB1D70-482A-4B92-8B24-052AD650A2B0}" = NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
"{DCEF4AB3-3E07-4517-9A92-9599C903E32B}" = NI DataSocket 5.0 (64-bit)
"{DDAAADDD-C57E-4731-A29C-133191587488}" = NI Help Assistant 2.0 (64bit)
"{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014
"{E3E3E625-8F74-44CE-A6D2-C31CB43DA23D}" = NI VC2005MSMs x64
"{E3EB4126-0930-4926-B135-1F85452E7975}" = Math Kernel Libraries (64-bit)
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F27CFD16-939A-4232-98CD-180898D14713}" = HP Officejet 4500 G510n-z
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCA2E817-8584-43EF-ABCA-05514305F0C6}" = NI Update Service 2.3 (64-bit)
"AVG" = AVG 2014
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"TeraCopy_is1" = TeraCopy 2.27

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00205043-EF6B-4676-8700-C4CA79AF38CB}" = NI Remote PXI Provider for MAX 5.3.0
"{01C0F5DE-BF22-43B9-B7D9-7915B32F71F1}" = NI LabVIEW Run-Time Engine 2012 f3
"{036C09F0-1423-4097-9720-D9E034CFF50A}" = NI Web Application Server 12.0
"{0426182B-4CE3-4F93-93ED-22C1B99B794D}" = NI License Manager
"{075CA8A9-25A1-4EA7-885C-8A92AED7DB3A}" = NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{10C2A6F0-6700-4D31-AC24-D0D5100B79CC}" = NI Network Discovery 5.3
"{11AABEE9-3FC1-49A9-BA67-D49BD0FEC39A}" = NI LabVIEW 2012 License
"{1289A4EC-A5C8-48A0-AF39-0E49F716C20F}" = NI Customer Experience Improvement Program
"{1325DEDB-4EA5-45EF-85A7-A01D58BB9420}" = NI-DAQmx/LabVIEW shared documentation 9.5.5
"{143CCCB0-7075-4957-9318-FD4CCD457572}" = NI System Configuration LV2012 Support 5.3.0
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BitGuard
"{166B0BE3-4A53-4E18-B967-DEF63795DB75}" = NI Software Provider for MAX 5.3.0
"{16926780-AA4D-4BC0-ADBD-E8D17D0F63A2}" = NI System API Windows 32-bit 5.3.0
"{1B134E1D-FD88-44EE-AD47-E41D023F913C}" = NI LabVIEW 2012 (32-bit)
"{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver
"{1CD7BB88-C496-4484-A309-6F2F84814416}" = NI Web Interface Framework 2012
"{1D78A81A-58D9-46F7-BFF6-ADF7247803F9}" = NI LabVIEW Run-Time Engine 2011 SP1
"{231D0E11-0313-49FD-95CE-1D0264C7F1F5}" = NI Math Kernel Libraries
"{24539AF1-51B2-4322-B3D7-BF4E5FA556F8}" = NI LabVIEW Run-Time Engine Interop 2012
"{25A0DCD9-84D7-47A2-A139-C3BCC43CD59A}" = NI System API Web-Servce 32-bit 5.3.0
"{25CDAF24-F25B-402D-A7C7-B0B73C66A6FD}" = NI LabVIEW 2012 MeasAppChm File
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{27B67D4C-407D-43FF-BCDE-B9E3208070E3}" = NI LabVIEW 2012 Deployment Framework
"{28D398A0-EA5E-462F-94D0-3176B11F83AD}" = NI LabVIEW 2012 Run-Time Engine Web Server
"{2A8F9255-F4AB-4a37-8F39-7C6E15B5158B}" = 4500G510nz_web
"{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
"{2CB15350-C073-4A5B-A706-59E1F69DE11C}" = NI Xalan Delay Load 1.10.2
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F64AB3D-540C-44FF-ABB6-6A2E6CF8B8A5}" = NI Instrument IO Assistant for LabVIEW 2012 32-bit
"{3246360A-10B4-4604-8C84-609F526A9A74}" = NI LabVIEW 2012 Search
"{33F298F6-BE62-4294-A5E4-01DED9E7614B}" = NI LabVIEW 2012 (32-bit)
"{36D68CEE-1AC5-47E1-A269-791683DE53D0}" = NI NI LabVIEW 2012 Run-Time Engine Non-English Support.
"{38300A40-AB90-444D-A823-17EB95A5C731}" = NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
"{38930905-CC7D-457D-963E-FD2B0F3CC24A}" = NI LabVIEW 2012 (32-bit)
"{39E63436-773B-4294-9C19-E4E5941A6C69}" = NI Logos 5.4
"{3A1E27A9-C447-484E-9A9B-B23864DB1316}" = Microsoft Silverlight 5.1
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E8FE46A-2A04-4328-A873-6E0ADC91FE8A}" = NI LabVIEW 2012 Real-Time Error Dialog
"{3F0B4C33-6958-43B9-8493-C6E6D4A3565B}" = NI USI 2.0.0
"{4128842C-D299-4ADE-84A7-AB923079DE94}" = NI LabVIEW Merge Utility 12.0.0
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41F6CA61-82CB-4615-9A97-252C5D58FA4B}" = NI LabWindows/CVI Run-Time Engine 2010 SP1
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{442971F2-D1CF-4859-B0AD-167F2BDDC9EA}" = NI LabVIEW 2012 Deployable License
"{454BB334-669A-4F08-B3A5-873327176A7A}" = NI Variable Engine LabVIEW 2012 Support
"{45CD454E-EA23-466B-8AB8-2F3002C7D532}" = NI Search Shared
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{476FEE82-F90C-4F79-AFE4-AD0FA128C71F}" = NI Uninstaller
"{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B877FC6-F44C-4B39-B0B6-CE15ADC63997}" = NI VC2005MSMs x86
"{4C146083-2C71-4C64-A4AD-5E340E177E63}" = NI ActiveX Container
"{4C16E76C-7A4D-48E7-9E5E-B76B357C014E}" = Math Kernel Libraries
"{4C7AB285-CE33-459F-AB26-0E2DBCCDA2D7}" = NI Trace Engine
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{50F728C0-9A37-4868-B9E1-42565C228B12}" = Reset NI Config 5.0.0
"{526FED3E-499E-4989-B9F9-207E2FE425AA}" = NI SSL Support
"{54AC24BA-DF2F-492F-8A28-C60B0CAD48EB}" = NI Measurement & Automation Explorer 5.3.0
"{570AFAC0-96B1-4491-B24B-6D251C52AFA4}" = NI System Web Server 12.0
"{59DA8C21-C667-47D0-A259-AA942C9A9717}" = NI Curl 12.0.0
"{5A6C68D9-FDCB-4675-A95A-CD908D103614}" = NI TDM Streaming 2.4
"{5AEBB67E-812E-43BC-B029-CD83DBA7CE30}" = NI LabWindows/CVI 2010 SP1 Code Generator
"{5BFCB0ED-0539-4C0E-B1CC-EA8AB45B5348}" = NI MDF Support
"{5CC95D76-A798-4722-AE76-E494D9664907}" = NI .NET Framework 4.0
"{5DA2E9EF-3CAA-495F-AB2C-55F39FF9EA39}" = NI SSL LabVIEW RTE 2012 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66779CC0-03E8-42E2-9781-E8B05FB166BF}" = NI LabVIEW 2012 (32-bit)
"{6B9F789C-1D28-44D5-BCCE-7CCDBFB14B79}" = NI LabVIEW Run-Time Engine Interop 2011
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DCB11A2-D051-4FF2-BCE0-2248032DE850}" = NI LabVIEW 2012 Scripting Code Generator
"{6E22CE6C-3F93-4B52-9D4D-BE9BEA3C3B23}" = NI Portable Configuration 5.3.0
"{6E648051-E2C7-4C24-BE4D-055B174B345F}" = NI LabVIEW 2012 Help
"{6EA7B5DD-BE0E-4678-8BD1-E0415C0B59A8}" = NI LabVIEW 2012 (32-bit)
"{6F7B933C-55A2-4F8A-BFA5-BF98CBD61C24}" = NI mDNS Responder 2.1.0
"{72AEEFF2-F258-4DCA-AFAE-441AC6CEBA2F}" = NI LabVIEW 2012 Help File
"{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
"{78783E82-40B4-46EE-9EDF-9C501E057326}" = NI LabVIEW 2012 (32-bit)
"{7888F38C-E534-473D-B029-562173EEA2C8}" = NI-Mesa
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A2388A-6FCC-404D-A860-8D2F74844821}" = NI VIPM Helper 2012
"{7B03B9AF-9BC4-4510-971C-375D6352923E}" = WIF Core Dependencies Windows 5.3.0
"{7C6869BF-6CBE-4CB0-8869-2743B419343C}" = NI LabVIEW 2011 Real-Time NBFifo
"{7FB07065-F547-448A-A1C3-1F2EF5EB834F}" = NI LabWindows/CVI 2010 SP1 Network Variable Library
"{80FB7EBE-F006-41D4-A288-FA960645E6C0}" = NI DataSocket 5.0
"{843BD817-4551-451C-AB7A-EF113BF9C036}" = 4500_G510nz_Help_Web
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{889318AA-C95A-4ED8-94A9-067093DEC808}" = NI System Configuration Runtime 5.3.0
"{88A77AEA-B52C-4D59-858E-51DD450848DE}" = NI Logos XT Support
"{89CFE5F0-DF10-4B2D-9A47-275F3FBE6B03}" = NI Launcher
"{8FBAA717-6C1C-4BA1-B446-AA5118BA6401}" = NI Update Service 2.3
"{8FF8CB08-4E26-4425-9032-BE381589E25A}" = NI Example Finder 12.0
"{92F7027F-BEDE-4E87-B18A-A12E3C4A2A96}" = NI Logos LabVIEW 2012 Support
"{944AE87D-38B2-4D09-B9D3-068C2BA6265B}" = NI System API Client for WIF 5.3.0
"{94AEBDCC-159F-4CBB-ABDE-B16483D2CF6C}" = NI LabWindows/CVI 2010 SP1 Analysis Library
"{97A47220-6DF7-45A5-A766-59EF36E1F600}" = NI-RPC 4.3.0f0
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9CD98CEE-3271-4F0E-9C06-75A1EE9E103F}" = NI TDM Excel Add-In 3.4
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{9E5E2BB1-C3D2-4A3A-8F9C-2CF0D667914F}" = NI LabVIEW Compare Utility 12.0.0
"{A06A7065-FCA1-4D3C-BE65-2837ACCB135D}" = NI LabWindows/CVI 2010 SP1 TDM Streaming Library
"{A0D847A9-A042-48F9-A108-FA3BF96B9D6F}" = NI SLCP 1.0
"{A5133B4F-1D06-408C-95B8-51A5A8B62413}" = NI LabVIEW 2012 (32-bit)
"{A68CCA86-A2CC-41EF-A9F0-50C5FAA9A04C}" = NI Assistant Framework
"{A74D70DD-5A29-4111-9D65-F264A3D0AFF8}" = NI EulaDepot
"{ABC5023C-638C-4E52-A78F-991A5F04F1D7}" = NI MAX Remote Configuration Installer 5.3
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{ACC9DFD9-9DC5-4507-8469-E8A8F5035B9C}" = NI Assistant Framework LabVIEW Code Generator 2012
"{ADBE33A8-0634-4184-AE02-DC85F1745551}" = NI Distributed System Manager 2012
"{AED17FC7-86C3-47BE-84F9-9F078F522770}" = NI System State Publisher
"{AFB0647D-9FEB-4B4C-BD6C-5D68D6F583DB}" = NI System Configuration 5.3.0 LabVIEW Support
"{B3137CC2-0CC4-4763-B38A-AC0ACEE27740}" = NI-RPC 4.3.0f0 for Phar Lap ETS
"{B4A772D4-ED42-4484-8C0E-663A52D07A2F}" = NI LabVIEW 2012 Real-Time NBFifo
"{B4D7F809-ED68-49FD-A1A0-1C77FC956965}" = NI MXS 5.3.0
"{B54F04FD-1440-414B-9FBA-46AAC5B7115D}" = NI LabVIEW 2012 Manuals
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BCC373FE-227D-46D9-827F-05BA296E2602}" = NI LabVIEW Web Server for Run-Time Engine
"{C03C3B2C-6CA6-4134-8E5E-3381D6B19407}" = NI LabVIEW 2012 Simulation
"{C226D942-1BD2-47BB-8323-4190C9C17BD7}" = NI LabVIEW 2012 Web Server
"{C9690FF6-AD3E-43B0-A7FD-6D8A4C929D2C}" = NI System Web Server Base 12.0.0
"{C974EA9C-D8C0-42C3-80B9-3A164EA709F2}" = NI LabVIEW 2012 (32-bit)
"{C9A0D47F-9A68-4917-868C-79E384E4DEE6}" = NI Help Assistant 2.0
"{D31122C9-86AC-4ACD-859E-4B1D340E1D14}" = NI Error Reporting 2012
"{D4440B7D-5069-4A54-83CD-A0093A7E9001}" = NI LabVIEW Web Services Runtime
"{DAA441A4-464F-4E1C-96BC-697746F61482}" = NI LabVIEW 2011 SP1 Deployable License
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E1D39E62-6A6E-411E-A3FE-8D0C335DED1B}" = NI Remote Provider for MAX 5.3.0
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E2664099-6769-474F-A1C0-750AE5221B94}" = NI LabVIEW 2012 (32-bit)
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E84997A1-4D6F-4C0B-B60D-F85B360D2666}" = NI VC2008MSMs x86
"{E9592CCE-3058-4308-B52A-5AEA08E54F13}" = NI Authentication 12.0.0
"{EA9650DD-039A-4D72-8967-0FEEFDFB36B0}" = NI Variable Engine 2.6.0
"{EAC44648-E378-45C7-BEF3-3DD68980E465}" = NI GMP Windows 32-bit Installer 12.0.0
"{EBBAE791-A994-4EBC-8188-EA75B1F4AFF0}" = NI LabVIEW 2012 Variable Web Service
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2273FA7-117C-43D7-BD59-00B025535442}" = NI VC2010SP1MSMs x86
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F45CE5E8-4A60-4292-8FD5-1807DFEBE221}" = NI LabWindows/CVI 2010 LabVIEW DLL Builder
"{F5F0BFAE-3F87-40BA-9279-DE7621579CF8}" = NI OPC Support
"{F7FD3B06-9DF0-4AC4-8483-7538A7E913BA}" = NI MetaSuite Installer
"{F85B53F8-5DC5-49BB-90A2-3D6E3B866F5A}" = NI SSL LabVIEW 2012 Support
"{FE23C88C-30AD-42F3-90FD-36DB976314B7}" = NI LabVIEW 2012 f3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Dell Webcam Central" = Dell Webcam Central
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"InstallShield_{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver
"MatlabR2011a" = MATLAB R2011a Student Version
"NI Uninstaller" = National Instruments Software
"VLC media player" = VLC media player 2.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2013 6:42:23 PM | Computer Name = Carrie-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11/7/2013 6:42:23 PM | Computer Name = Carrie-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11/7/2013 6:42:23 PM | Computer Name = Carrie-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11/7/2013 6:42:24 PM | Computer Name = Carrie-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11/7/2013 6:42:24 PM | Computer Name = Carrie-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11/7/2013 6:42:24 PM | Computer Name = Carrie-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11/7/2013 6:42:25 PM | Computer Name = Carrie-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11/7/2013 6:42:25 PM | Computer Name = Carrie-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11/7/2013 6:42:25 PM | Computer Name = Carrie-PC | Source = Bonjour Service | ID = 100
Description =

Error - 11/8/2013 3:35:38 PM | Computer Name = Carrie-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/1/2013 10:10:27 AM | Computer Name = Carrie-PC | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 11/1/2013 1:21:24 PM | Computer Name = Carrie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AVGIDSAgent service.

Error - 11/1/2013 9:29:41 PM | Computer Name = Carrie-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:21:28 PM on ?11/?1/?2013 was unexpected.

Error - 11/4/2013 2:24:57 AM | Computer Name = Carrie-PC | Source = Service Control Manager | ID = 7031
Description = The BitGuard service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 30000 milliseconds: Restart
the service.

Error - 11/4/2013 2:25:27 AM | Computer Name = Carrie-PC | Source = Service Control Manager | ID = 7000
Description = The BitGuard service failed to start due to the following error: %%2

Error - 11/4/2013 3:54:15 PM | Computer Name = Carrie-PC | Source = Service Control Manager | ID = 7000
Description = The BitGuard service failed to start due to the following error: %%2

Error - 11/5/2013 1:40:13 PM | Computer Name = Carrie-PC | Source = Service Control Manager | ID = 7000
Description = The BitGuard service failed to start due to the following error: %%2

Error - 11/6/2013 1:08:54 PM | Computer Name = Carrie-PC | Source = Service Control Manager | ID = 7000
Description = The BitGuard service failed to start due to the following error: %%2

Error - 11/7/2013 2:16:18 PM | Computer Name = Carrie-PC | Source = Service Control Manager | ID = 7000
Description = The BitGuard service failed to start due to the following error: %%2

Error - 11/8/2013 3:35:37 PM | Computer Name = Carrie-PC | Source = Service Control Manager | ID = 7000
Description = The BitGuard service failed to start due to the following error: %%2


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,999 posts
  • MVP
Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
galgancl

galgancl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
As per your instructions, here is what you requested:


Adw Cleaner:

# AdwCleaner v3.011 - Report created 08/11/2013 at 23:57:29
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Carrie - CARRIE-PC
# Running from : C:\Users\Carrie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BitGuard

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\goforfiles
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Carrie\AppData\Local\apn
Folder Deleted : C:\Users\Carrie\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Carrie\AppData\Local\Wajam
Folder Deleted : C:\Users\Carrie\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Carrie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Carrie\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Carrie\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Carrie\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Carrie\AppData\Roaming\Betcat
Folder Deleted : C:\Users\Carrie\AppData\Roaming\Delta
Folder Deleted : C:\Users\Carrie\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Carrie\AppData\Roaming\file scout
Folder Deleted : C:\Users\Carrie\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Carrie\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\Extensions\[email protected]
File Deleted : C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Deleted : C:\END
File Deleted : C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\bprotector_prefs.js
File Deleted : C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\searchplugins\delta.xml
File Deleted : C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\user.js
File Deleted : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\8e8bd0b469be14
Key Deleted : HKLM\SOFTWARE\8e8bd0b469be14
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v

[ File : C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=115589&tt=3712_5");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "23");
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "FD9E5D53C5678117A9138E2775012302");
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "be3f3ccc0000000000000024d7c109c4");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15594");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1222:38:05");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"27\",\"lastVrsn\":\"27\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0}");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=be3f3ccc0000000000000024d7c109c4&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1222:38:05");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115589&tt=3712_5");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1222:38:05");
Line Deleted : user_pref("extensions.wajam.affiliate_id", "4220");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21085\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21085");
Line Deleted : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
Line Deleted : user_pref("extensions.wajam.trace_log", "1347648158980 - onFlagInfoReceived - No client-side server mapping version, don't update\n1347648158980 - onFlagInfoReceived - Saving server mapping version\n1[...]
Line Deleted : user_pref("extensions.wajam.unique_id", "994A0C19150D78056D9DA35D7BC9599E");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.25");
Line Deleted : user_pref("extensions.wajam.website_version", "1.00254");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "4a06b753-6254-4971-afb6-0086b4636a4a");

-\\ Google Chrome v

[ File : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16833 octets] - [08/11/2013 23:40:33]
AdwCleaner[R1].txt - [16894 octets] - [08/11/2013 23:51:46]
AdwCleaner[S0].txt - [16482 octets] - [08/11/2013 23:57:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16543 octets] ##########















Junkware-Removal-Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Carrie on Sat 11/09/2013 at 0:05:45.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3068136495-129375732-890116918-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Carrie\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{03455772-191F-4F8B-B3C2-FD6452A4D175}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{0379A07B-2A65-4424-AD2E-E3145F274146}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{04D83384-5740-47C2-BDB3-623E7C9B57B1}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{06FF9783-22A1-4196-BE73-C0A7DB44F538}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{08ACC374-E7A6-40A2-90D1-12EFD3790DC2}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{08CE1439-99C5-4878-B4CF-0EA818FE839D}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{08ECB0EF-36CD-4569-BA2D-590C8A688BE2}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{0A11E66D-9672-4620-A11F-750C9C035D36}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{0B044E83-BEDB-419D-BEF8-61F3B37917B1}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{0C36876D-7DC1-4A19-B39F-00DACA9E3630}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{0CBC6B02-621F-4762-82D1-84E6EB09FDB5}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{10EEA101-BC00-457F-BAB2-7C49E6CE6209}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{1137E9F3-4966-4EC8-BCC7-34EE0A7FB8D2}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{1604F0AA-DC71-42D5-BB21-ECC8ED2417BE}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{160796B3-BD1D-4FA2-9BA9-361378C7560B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{1A0D2B0D-293B-4361-B9BC-E00D2BEE35C4}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{1B69C971-241B-4D93-8006-B255E8D980B2}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{1EB236A7-E4B1-47FE-B68B-CFE0FB29215B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{201E4E02-4111-479C-8C79-298B0D52ED12}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{20317D66-CD95-474B-A718-8D5570FC1E57}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{21937D78-E047-4C51-9700-360F3B25DCDA}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{21C55772-2879-404F-85DD-6B0C8F754309}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{236E46C2-71F4-48F5-B1FE-D96A981013F1}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{2418056C-9425-4BE7-BFF6-723D163681A2}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{26A1E87D-E110-4F4B-906B-F7B7F7846830}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{279CB567-F126-45E8-9EDF-C26BE515B57B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{28AD144B-CF4B-46D2-AEFD-4648ADB69505}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{28CBF8C6-96E3-4B9E-9B34-4E26E75A1D71}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{29F541E1-1336-449E-B03C-96759682B9E3}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{2D380A7C-387B-4251-92EE-5BFA560C3F3A}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{2DA87A38-0B70-4F25-9164-F56B7A826D41}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{32505258-604A-4FC8-B8BD-D8FC33230B1B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{329B2A3C-C98A-47CD-8514-DD8F8B5D1097}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{36028536-ED7B-427E-870F-E576F42AA70B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4100F9FB-D6E3-4054-A486-9B05C302B229}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{424DB0D3-9AE3-4739-856F-35F515BE31B3}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{432A1774-E21E-4508-9075-FFB6470F5BF5}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{44DEEA4F-535B-42B3-8DA8-BE05D4E983CA}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4510F23A-EC6F-4D24-B5E5-CE938AF9315C}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{48C4F301-6C1C-4EC3-BA25-AA2CD98BD797}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4973A4EB-81C1-4C5F-9E49-AA1A1E12FE7A}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4BBC9707-B382-4750-9F93-971F01B9C74C}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4C01907F-3C68-4E3C-BD24-DA06BE820F57}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4C7AB5D8-0234-45AE-B8D7-BB099F675F7E}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4D535D77-0EF5-4C31-A23F-8EF2AD29F61E}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4D556521-8E4D-4245-B0AD-E46F9FCDA225}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4D5869AE-2488-4DDD-B502-5078A3459BD9}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4F7B1A9D-DA59-464D-BE0C-625464867BE7}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{4FECA116-9C02-47BE-A51D-B983D3C314A5}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{50BD4382-523F-4A36-8159-C04260EC6CB4}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{53941AEC-586D-4DDB-BF4E-567F26421225}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{588E4F3E-0EFB-4EC4-94D3-5AD26BDE1FF8}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{58B46DC1-9D2D-43C0-8859-6A7184157380}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{5A182355-D018-415A-8966-7DB4AC9B3D92}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{5A1BBDF3-2535-4DF2-9A99-20DF886AC33D}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{5A6C1C53-CF9B-4CE2-930F-42DA4B0E8FE6}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{5A8533D8-7A8F-4AFC-B8BE-BE6C8CF930E3}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{5D3A6103-D3D9-44DF-89B1-C816E830AE8B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{61C40D17-44E8-4ED9-B450-A03954CACF1A}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{627946FF-DE8C-48E5-BB36-3BA7FFF5F78D}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{62E753A4-C68E-4252-BED5-5BD727690443}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{66B77A05-5F55-4825-9B7A-D0AF21643CD0}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{67139E46-6C01-4BFA-B61E-96541485AC28}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{6860ABAA-ED36-49AF-A882-C7555F722169}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{69B4EBB2-2019-4D1B-B696-3428CF450272}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{6DBEE577-DB70-4851-A66B-623B4E53D199}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{6E313295-9C46-4DAB-89FC-3E5859FAC644}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{6FDA1084-98B0-4A9F-B96F-AD642AC9EC36}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{72B5B0F1-4A98-4CAC-890D-F90AA65E4995}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{734063FB-4626-4572-B9E3-44C33C5C97A9}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{751EB307-C340-4DF1-BCD2-37CF68EC37D3}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{764B260D-33C1-4A5D-AA5D-ACF67437E5A5}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{7841EC15-8F32-4F0D-8560-621760697484}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{7B8E3B5F-E360-4763-92FE-C7252B50F015}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{7D8A6627-67F0-4837-B51D-A0D2B4C10AE3}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{7EAA8058-384E-4EFD-99BE-B23659AA6432}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{7F0A31A8-09A7-4CCB-8ABE-13936926D221}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{83EB67C1-CFBF-4109-8B00-B270EE3A6B1A}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{84BC4997-D0C6-4CEE-842D-7FDFDC208AE9}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{84C6F0BF-09FE-47DA-8575-2CA94C7971E9}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{8A20DA4D-A4CF-4418-8F45-15CD4256D130}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{8CB8D6D3-C22D-40D8-B18D-F20A7A658DB1}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{8E230354-C274-4322-8B2A-15447DEE4FEF}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{8EB5A953-1DA6-47DD-AD43-D4DDF7CEBB57}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{90D6E07A-5183-42A2-9D6B-1DE2D68B9CBC}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{933EC5FB-A38D-4242-ABC7-ADC136B545DE}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{94DE2BE8-14E8-4C21-B7A4-2AD6406AAE47}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{967B35E2-9A5C-4142-B130-F78B4592B5C1}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{96FC0840-1938-44D0-80A5-CC27C0BEB509}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{97B7958B-33E7-4880-9E35-33788342EF96}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{991B6B6B-DE06-44E8-AED5-945670978456}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{9D147938-0246-4D22-A0F8-551BBE568C6A}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{9F7AA61B-0273-4927-899B-83AF9B584E64}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{A09F4394-72A6-4D56-936C-413533894B9B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{A0E4B0C8-A753-411B-993D-74279DCAAA0E}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{A24C8673-5DEB-4691-8170-7D2B21000FFE}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{A53088BA-A38D-44E2-BE1E-FDEA15557F2D}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{A64D94D8-2CF4-4AA5-AF91-F8BF8DE430A8}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{A875D914-17C8-4B91-8AD1-432E7F0EECD0}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{A8C9B799-7AB5-4A1B-AA0D-CE2B7EC72E59}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{AA43D692-01C9-4B5C-954C-8E30D3A76738}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{AA5020F6-0D44-4279-8FBB-6E7AF2A41F27}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{ABA85363-4A6D-4406-B6CA-B13A00F0365C}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{ABFD0BA3-5C4A-4E3E-AF0B-DD314D26E00A}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{ACB715A8-7D8A-49DE-BF32-F5405389D149}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{ACF9791C-200D-4C40-866E-13E2BBFC1D81}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{AECE64CE-B281-4B8B-84A3-4944B9FD40DE}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{B02C0128-EFBF-498D-8D08-DEF04EB76076}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{B1D49192-0769-4B34-AF70-4869E440AB1C}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{B2F7EFAB-3AA7-4418-B704-05B114FB7D34}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{B3411C09-A4C6-4550-97AA-B5B75EAB3C07}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{B3569EEA-9A50-498F-B0D1-AE8C102E2B97}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{B40C19ED-41ED-416D-AC84-409E0813D692}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{B45B6FC1-1FC6-434B-8A5B-286CC5355D2B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{B7823B9E-F8EF-4993-9AD3-C7CBF54B6B90}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{B8C7B45C-495A-4E2C-8299-D5BF954A383C}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{BB2647A8-1E05-4F69-82EC-92508F5CA601}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{BC73FC13-0659-4B50-9E43-F3C5B20F1962}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{BCD0A565-DD2E-470C-AF17-5299A8CA7903}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{C85C9E60-D4F8-4E06-BE61-8558BE397DEB}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{C911560E-3AE5-418E-AA6E-850A0E20A821}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{CA35CF98-950A-454E-B725-64B9EE4C777D}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{CB0BF285-B83A-4924-AF9A-1B4FABBA5674}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{CD56004F-AE90-4A9D-B44B-8FDDAFDB3770}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{CEFB80D0-FD5E-4329-852A-23EACE3EB86F}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{D15F11BF-7B9C-4703-958A-F343564FB442}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{D283D039-64C2-4341-8277-77FD792D351D}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{D4CD6BD5-18F1-4CA6-A8BE-BB7C482E3C2B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{DAADF68A-357E-4356-9FCE-A62348F5B60B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{DB816BFE-27F0-472B-9458-DD4A87B9300B}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{DC968899-DCC7-4B98-8777-617ECD6C3DB5}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{DCE3B6A8-5B31-46AB-A60A-A746C8F2C162}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{DF3773F3-D1B7-4DF8-B09C-927A82F24E75}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{E12C864B-3F7D-4A7B-9886-973E225949DC}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{E6FDE4F0-F9C4-49FF-A1BB-C2B1475509F8}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{E9CDF6C1-0833-4786-B6D0-BA2275CB030E}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{EA189AD8-74C3-40ED-9893-052BB5E6E317}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{EB648BE7-68EB-4D73-9118-561F326AD95D}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{ECCA5FF7-778C-4104-9725-CF815C00CD25}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{ED32852B-B89C-4A49-A257-0432872B3ADD}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{F1F4DB27-F439-4822-B8A4-A6E5E34BD501}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{F2B48290-C03B-404A-A78F-AB3F4B3BFCF0}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{F2D941D8-CCDE-4D2E-8BBF-D4A658A8CD0E}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{F2E3E52C-B594-44F8-8934-2DD0169C6788}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{F8465C7E-A723-45BD-91AD-6FEE60D8C861}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{F9F60E0A-DCFA-4040-9462-C99B4081085A}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{FB0CCA51-0BDE-476C-BF3E-D34F117F085E}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{FB3BF66A-8EA5-4E70-B01D-1F0B9B3A7DE5}
Successfully deleted: [Empty Folder] C:\Users\Carrie\appdata\local\{FE4BA92F-12AB-4D5A-9EBF-14A4B0C01455}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/09/2013 at 0:15:56.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~















Farbar Recovery Scan Tool

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Carrie (administrator) on CARRIE-PC on 09-11-2013 00:16:52
Running from C:\Users\Carrie\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\sysWOW64\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Dropbox, Inc.) C:\Users\Carrie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-07] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-15] ()
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [NIRegistrationWizard] - C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [846520 2010-06-21] ()
HKCU\...\Run: [DellSystemDetect] - C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKCU\...\Run: [Facebook Update] - C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-10] (Facebook Inc.)
MountPoints2: {663468f6-c199-11e2-aedc-806e6f6e6963} - D:\autoRcd.exe
MountPoints2: {8551c57e-c185-11e2-ae36-806e6f6e6963} - D:\autoRcd.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NI Update Service] - C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [857888 2013-05-28] (National Instruments)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [97280 2009-07-13] ()
AppInit_DLLs-x32: [ ] ()
Startup: C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Carrie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 128.153.5.248 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Carrie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "chrome://newtab/", "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Carrie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Carrie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Carrie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Bejeweled) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (YouTube) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Facebook) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0
CHR Extension: (Digital Clock CE-7) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceppoilemjnhfdbkekhcnagmfnhokjgm\1.2_0
CHR Extension: (Google Search) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Calculator) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja\3.5.2_0
CHR Extension: (Google Calendar) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0
CHR Extension: (Digital Clock) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0
CHR Extension: (AdBlock) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0
CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc\2013.105.3.0_0
CHR Extension: (My Browser Page) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0
CHR Extension: (Poppit) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Awesome New Tab Page) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.122.3.1_0
CHR Extension: (Quick Note) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.0_0
CHR Extension: (Gmail) - C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-05-22] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192 2012-06-05] (National Instruments Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [125440 2012-03-09] (Cypress Semiconductor, Inc.)
S3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [14336 2012-03-09] (Cypress Semiconductor, Inc.)
S3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [88576 2012-03-09] (Cypress Semiconductor, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-09 00:15 - 2013-11-09 00:15 - 00016936 _____ C:\Users\Carrie\Desktop\JRT.txt
2013-11-09 00:04 - 2013-11-09 00:04 - 00000000 ____D C:\FRST
2013-11-09 00:03 - 2013-11-09 00:03 - 01957098 _____ (Farbar) C:\Users\Carrie\Desktop\FRST64.exe
2013-11-09 00:03 - 2013-11-09 00:03 - 00000000 ____D C:\Windows\ERUNT
2013-11-09 00:02 - 2013-11-09 00:02 - 01034531 _____ (Thisisu) C:\Users\Carrie\Desktop\JRT.exe
2013-11-08 23:38 - 2013-11-08 23:57 - 00000000 ____D C:\AdwCleaner
2013-11-08 23:38 - 2013-11-08 23:38 - 01073262 _____ C:\Users\Carrie\Desktop\AdwCleaner.exe
2013-11-08 18:04 - 2013-11-09 00:00 - 00000000 ____D C:\Users\Carrie\Desktop\Virus
2013-11-07 13:32 - 2013-11-07 13:32 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 13:32 - 2013-11-07 13:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 13:32 - 2013-11-07 13:32 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 13:32 - 2013-11-07 13:32 - 00000000 ____D C:\Program Files\iPod
2013-11-07 13:32 - 2013-11-07 13:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-22 14:21 - 2013-10-22 14:21 - 00003120 _____ C:\Windows\System32\Tasks\YourFile DownloaderUpdate

==================== One Month Modified Files and Folders =======

2013-11-09 00:17 - 2013-05-21 13:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-09 00:15 - 2013-11-09 00:15 - 00016936 _____ C:\Users\Carrie\Desktop\JRT.txt
2013-11-09 00:06 - 2009-07-13 23:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-09 00:06 - 2009-07-13 23:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-09 00:05 - 2013-05-20 14:11 - 01695928 _____ C:\Windows\WindowsUpdate.log
2013-11-09 00:04 - 2013-11-09 00:04 - 00000000 ____D C:\FRST
2013-11-09 00:03 - 2013-11-09 00:03 - 01957098 _____ (Farbar) C:\Users\Carrie\Desktop\FRST64.exe
2013-11-09 00:03 - 2013-11-09 00:03 - 00000000 ____D C:\Windows\ERUNT
2013-11-09 00:03 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-09 00:02 - 2013-11-09 00:02 - 01034531 _____ (Thisisu) C:\Users\Carrie\Desktop\JRT.exe
2013-11-09 00:02 - 2011-07-25 21:31 - 00000000 ____D C:\Users\Carrie\AppData\Roaming\Dropbox
2013-11-09 00:01 - 2011-07-25 21:33 - 00000000 ___RD C:\Users\Carrie\Dropbox
2013-11-09 00:00 - 2013-11-08 18:04 - 00000000 ____D C:\Users\Carrie\Desktop\Virus
2013-11-08 23:59 - 2013-05-22 09:05 - 00015863 _____ C:\Windows\setupact.log
2013-11-08 23:59 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-08 23:57 - 2013-11-08 23:38 - 00000000 ____D C:\AdwCleaner
2013-11-08 23:38 - 2013-11-08 23:38 - 01073262 _____ C:\Users\Carrie\Desktop\AdwCleaner.exe
2013-11-08 21:36 - 2013-06-10 23:31 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA.job
2013-11-08 18:40 - 2013-05-21 14:30 - 00000000 ____D C:\ProgramData\MFAData
2013-11-08 00:36 - 2013-06-10 23:31 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core.job
2013-11-07 13:32 - 2013-11-07 13:32 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 13:32 - 2013-11-07 13:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 13:32 - 2013-11-07 13:32 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 13:32 - 2013-11-07 13:32 - 00000000 ____D C:\Program Files\iPod
2013-11-07 13:32 - 2013-11-07 13:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-04 14:54 - 2010-11-20 22:47 - 00034534 _____ C:\Windows\PFRO.log
2013-11-02 14:09 - 2011-07-25 14:49 - 00000000 ____D C:\Users\Carrie\AppData\Roaming\Skype
2013-10-29 18:01 - 2013-09-18 12:23 - 00000000 ____D C:\Users\Carrie\Desktop\Clubs
2013-10-28 22:12 - 2013-10-03 19:19 - 00000000 ____D C:\Users\Carrie\Desktop\School
2013-10-23 01:33 - 2013-05-24 23:34 - 00000000 ____D C:\Program Files (x86)\Creative
2013-10-23 01:32 - 2013-05-20 14:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-22 14:21 - 2013-10-22 14:21 - 00003120 _____ C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2013-10-21 20:12 - 2013-06-05 21:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-21 20:12 - 2013-05-22 19:16 - 00000000 ____D C:\ProgramData\Skype
2013-10-21 13:18 - 2013-09-13 23:35 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-10-17 20:01 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\Carrie\AppData\Local\Temp\BackupSetup.exe
C:\Users\Carrie\AppData\Local\Temp\htmlayout.dll
C:\Users\Carrie\AppData\Local\Temp\nsq19B2.exe
C:\Users\Carrie\AppData\Local\Temp\nsq31DC.exe
C:\Users\Carrie\AppData\Local\Temp\nsqCFD.exe
C:\Users\Carrie\AppData\Local\Temp\Quarantine.exe
C:\Users\Carrie\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Carrie\AppData\Local\Temp\SPID123413124.exe
C:\Users\Carrie\AppData\Local\Temp\SPID93341950.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar58171977.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar58172850.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar58253004.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar58647873.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar93365241.exe
C:\Users\Carrie\AppData\Local\Temp\uninst1.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall133533969.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall133533985.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall133534001.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall58400908.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall58414153.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall58779975.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall58788227.exe
C:\Users\Carrie\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-31 13:20

==================== End Of Log ============================






ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Carrie at 2013-11-09 00:19:07
Running from C:\Users\Carrie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

4500_G510nz_Help_Web (x32 Version: 000.0.440.000)
4500G510nz_Software_Min (x32 Version: 000.0.423.000)
4500G510nz_web (x32 Version: 000.0.439.000)
64 Bit HP CIO Components Installer (Version: 6.2.1)
AccelerometerP11 (x32 Version: 2.00.10.21)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Advanced Video FX Engine (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Bonjour (Version: 3.0.0.10)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 14.4.6.2)
BufferChm (x32 Version: 130.0.331.000)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Touchpad (Version: 7.1208.101.114)
Dell Webcam Central (x32 Version: 1.40.05)
Dropbox (HKCU Version: 2.0.22)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
HP Officejet 4500 G510n-z (Version: 13.0)
iCloud (Version: 3.0.2.163)
IDT Audio (x32 Version: 1.0.6316.0)
InstallVC90Support (x32 Version: 1.01.0000)
Intel PROSet Wireless
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2266)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.20110)
Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008)
iTunes (Version: 11.1.3.8)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Math Kernel Libraries (64-bit) (Version: 1.0.23.0)
Math Kernel Libraries (x32 Version: 1.0.23.0)
MATLAB R2011a Student Version (x32 Version: 7.12)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Silverlight 5.1 (x32 Version: 5.1.3100)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Dell (Version: 3.3.6261.27)
National Instruments Software (x32 Version: )
Network64 (Version: 130.0.550.000)
NI .NET Framework 4.0 (x32 Version: 4.01.49152)
NI ActiveX Container (64-bit) (Version: 12.0.14.0)
NI ActiveX Container (x32 Version: 12.0.14.0)
NI Assistant Framework (x32 Version: 8.0.112.0)
NI Assistant Framework 64-bit (Version: 8.0.120.0)
NI Assistant Framework LabVIEW Code Generator 2012 (x32 Version: 8.0.70.0)
NI Authentication 12.0.0 (64-bit) (Version: 12.0.367.0)
NI Authentication 12.0.0 (x32 Version: 12.0.367.0)
NI CodeSignAPI (x32 Version: 2.70.346)
NI Curl 12.0.0 (64-bit) (Version: 12.0.412.0)
NI Curl 12.0.0 (x32 Version: 12.0.412.0)
NI Customer Experience Improvement Program (x32 Version: 1.0.138.0)
NI DataSocket 5.0 (64-bit) (Version: 5.0.115.0)
NI DataSocket 5.0 (x32 Version: 5.0.115.0)
NI Distributed System Manager 2012 (x32 Version: 12.0.55.0)
NI DN 2.0 SP1 installer (x32 Version: 2.11.49152)
NI Error Reporting 2012 (x32 Version: 12.0.172.0)
NI EulaDepot (x32 Version: 3.20.345)
NI Example Finder 12.0 (x32 Version: 12.0.291.0)
NI GMP Windows 32-bit Installer 12.0.0 (x32 Version: 12.0.46.0)
NI GMP Windows 64-bit Installer 12.0.0 (Version: 12.0.46.0)
NI Help Assistant 2.0 (64bit) (Version: 2.0.3)
NI Help Assistant 2.0 (x32 Version: 2.0.3)
NI Instrument IO Assistant for LabVIEW 2012 32-bit (x32 Version: 1.0.24.0)
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0)
NI LabVIEW 2011 SP1 Deployable License (x32 Version: 11.0.399.0)
NI LabVIEW 2012 (32-bit) (x32 Version: 12.0.231.0)
NI LabVIEW 2012 (32-bit) (x32 Version: 12.0.322.0)
NI LabVIEW 2012 (32-bit) (x32 Version: 12.0.388.0)
NI LabVIEW 2012 Deployable License (x32 Version: 12.0.364.0)
NI LabVIEW 2012 Deployment Framework (x32 Version: 12.0.369.0)
NI LabVIEW 2012 f3 (x32 Version: 12.0.423.0)
NI LabVIEW 2012 Help (x32 Version: 12.0.363.0)
NI LabVIEW 2012 Help File (x32 Version: 12.0.359.0)
NI LabVIEW 2012 License (x32 Version: 12.0.360.0)
NI LabVIEW 2012 Manuals (x32 Version: 12.0.358.0)
NI LabVIEW 2012 MeasAppChm File (x32 Version: 12.0.359.0)
NI LabVIEW 2012 Real-Time Error Dialog (x32 Version: 12.0.71.0)
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0)
NI LabVIEW 2012 Run-Time Engine Web Server (x32 Version: 12.0.406.0)
NI LabVIEW 2012 Scripting Code Generator (x32 Version: 8.0.247.0)
NI LabVIEW 2012 Search (x32 Version: 12.0.4.0)
NI LabVIEW 2012 Simulation (x32 Version: 12.0.359.0)
NI LabVIEW 2012 Variable Web Service (x32 Version: 12.0.191.0)
NI LabVIEW 2012 Web Server (x32 Version: 12.0.407.0)
NI LabVIEW Broker (64 bit) (Version: 6.8.10.0)
NI LabVIEW Broker (x32 Version: 6.8.10.0)
NI LabVIEW C Interface (x32 Version: 1.0.1)
NI LabVIEW Compare Utility 12.0.0 (x32 Version: 12.0.186.0)
NI LabVIEW MAX XML (x32 Version: 9.0.6.0)
NI LabVIEW Merge Utility 12.0.0 (x32 Version: 12.0.187.0)
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.448.0)
NI LabVIEW Run-Time Engine 2012 f3 (x32 Version: 12.0.435.0)
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.449.0)
NI LabVIEW Run-Time Engine Interop 2012 (x32 Version: 12.0.204.0)
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0)
NI LabVIEW Web Services Runtime (x32 Version: 12.0.409.0)
NI LabWindows/CVI 2010 LabVIEW DLL Builder (x32 Version: 10.0.0360)
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Code Generator (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434)
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434)
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434)
NI Launcher (x32 Version: 3.20.345)
NI License Manager (x32 Version: 3.7.44)
NI Logos 5.4 (64-bit) (Version: 5.4.303.0)
NI Logos 5.4 (x32 Version: 5.4.303.0)
NI Logos LabVIEW 2012 Support (x32 Version: 12.0.360.0)
NI Logos XT Support (x32 Version: 5.4.295.0)
NI Logos64 XT Support (Version: 5.4.295.0)
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0)
NI Math Kernel Libraries (x32 Version: 1.0.10.0)
NI MAX Remote Configuration 64-bit Installer 5.3 (Version: 5.30.49152)
NI MAX Remote Configuration Installer 5.3 (x32 Version: 5.30.49152)
NI MAX Support for 64 Bit Windows (Version: 5.30.49152)
NI MDF Support (x32 Version: 3.20.345)
NI mDNS Responder 2.1 for Windows 64-bit (Version: 2.10.49152)
NI mDNS Responder 2.1.0 (x32 Version: 2.10.49152)
NI Measurement & Automation Explorer 5.3.0 (x32 Version: 5.30.49152)
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101)
NI MetaSuite Installer (x32 Version: 3.20.345)
NI MXS 5.3.0 (x32 Version: 5.30.49152)
NI MXS 5.3.0 for 64 Bit Windows (Version: 5.30.49152)
NI Network Discovery 5.3 (x32 Version: 5.30.49152)
NI Network Discovery 5.3 for Windows 64-bit (Version: 5.30.49152)
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0)
NI NI LabVIEW 2012 Run-Time Engine Non-English Support. (x32 Version: 12.0.363.0)
NI OPC Support (x32 Version: 12.0.295.0)
NI Portable Configuration 5.3.0 (x32 Version: 5.30.49152)
NI Portable Configuration for 64 Bit Windows 5.3.0 (Version: 5.30.49152)
NI Registration Wizard (x32 Version: 1.3.87.0)
NI Remote Provider for MAX 5.3.0 (x32 Version: 5.30.49152)
NI Remote PXI Provider for MAX 5.3.0 (x32 Version: 5.30.49152)
NI Search Shared (x32 Version: 12.0.5.0)
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0)
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0)
NI Security Update (KB67L8L0QW) (x32 Version: 8.6.10500)
NI Security Update (KB67L8LIQW) (x32 Version: 8.6.10500)
NI SLCP 1.0 (x32 Version: 1.0.63.0)
NI Software Provider for MAX 5.3.0 (x32 Version: 5.30.49152)
NI SSL LabVIEW 2012 Support (x32 Version: 12.0.406.0)
NI SSL LabVIEW RTE 2012 Support (x32 Version: 12.0.125.0)
NI SSL Support (64-bit) (Version: 12.0.408.0)
NI SSL Support (x32 Version: 12.0.408.0)
NI System API Client for WIF 5.3.0 (x32 Version: 5.30.461.0)
NI System API Web-Servce 32-bit 5.3.0 (x32 Version: 5.30.460.0)
NI System API Windows 32-bit 5.3.0 (x32 Version: 5.30.460.0)
NI System API Windows 64-bit 5.3.0 (Version: 5.30.460.0)
NI System Configuration 5.3.0 LabVIEW Support (x32 Version: 5.30.212.0)
NI System Configuration LV2012 Support 5.3.0 (x32 Version: 5.30.207.0)
NI System Configuration Runtime 5.3.0 (x32 Version: 5.30.427.0)
NI System Configuration Runtime 5.3.0 for Windows 64-bit (Version: 5.30.426.0)
NI System State Publisher (64-bit) (Version: 12.0.218.0)
NI System State Publisher (x32 Version: 12.0.358.0)
NI System Web Server 12.0 (x32 Version: 12.0.414.0)
NI System Web Server Base 12.0.0 (64-bit) (Version: 12.0.407.0)
NI System Web Server Base 12.0.0 (x32 Version: 12.0.407.0)
NI TDM Excel Add-In 3.4 (x32 Version: 3.4.19.0)
NI TDM Excel Add-In 3.4 64-bit (Version: 3.4.19.0)
NI TDM Streaming 2.4 (64-bit) (Version: 2.4.55.0)
NI TDM Streaming 2.4 (x32 Version: 2.4.55.0)
NI Trace Engine (64-bit) (Version: 12.0.401.0)
NI Trace Engine (x32 Version: 12.0.401.0)
NI Uninstaller (x32 Version: 3.20.345)
NI Update Service 2.3 (64-bit) (Version: 2.30.53)
NI Update Service 2.3 (x32 Version: 2.30.65)
NI USI 2.0.0 (x32 Version: 2.0.04901)
NI USI 2.0.0 64-Bit (Version: 2.0.04901)
NI Variable Engine (64-bit) (Version: 2.6.296.0)
NI Variable Engine 2.6.0 (x32 Version: 2.6.296.0)
NI Variable Engine LabVIEW 2012 Support (x32 Version: 12.0.360.0)
NI VC2005MSMs x64 (Version: 8.05.0)
NI VC2005MSMs x86 (x32 Version: 8.05.0)
NI VC2008MSMs x64 (Version: 9.0.401)
NI VC2008MSMs x86 (x32 Version: 9.0.401)
NI VC2010SP1MSMs x64 (Version: 10.0.100)
NI VC2010SP1MSMs x86 (x32 Version: 10.0.100)
NI VIPM Helper 2012 (x32 Version: 12.0.211.0)
NI Web Application Server 12.0 (64-bit) (Version: 12.0.422.0)
NI Web Application Server 12.0 (x32 Version: 12.0.422.0)
NI Web Interface Framework 2012 (x32 Version: 12.0.352.0)
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0)
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0)
NI Xalan Delay Load 1.10.2 (x32 Version: 1.10.72.0)
NI Xalan Delay Load 1.10.2 64-bit (Version: 1.10.73.0)
NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0)
NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0)
NI-DAQmx/LabVIEW shared documentation 9.5.5 (x32 Version: 9.55.49152)
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5 (Version: 9.55.49152)
NI-Mesa (Version: 11.0.11.0)
NI-Mesa (x32 Version: 11.0.11.0)
NI-RPC 4.3.0f0 (x32 Version: 4.30.49152)
NI-RPC 4.3.0f0 for 64 Bit Windows (Version: 4.30.49152)
NI-RPC 4.3.0f0 for Phar Lap ETS (x32 Version: 4.30.49152)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.19)
QuickTime (x32 Version: 7.74.80.86)
Reset NI Config 5.0.0 (x32 Version: 5.0.146.0)
Scan (x32 Version: 13.0.0.0)
Skype™ 6.9 (x32 Version: 6.9.106)
TeraCopy 2.27
Toolbox (x32 Version: 130.0.648.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
WebReg (x32 Version: 130.0.132.017)
WIF Core Dependencies Windows 5.3.0 (x32 Version: 5.30.208.0)

==================== Restore Points =========================

17-10-2013 14:43:07 Scheduled Checkpoint
23-10-2013 06:31:56 Removed Live! Cam Avatar Creator
23-10-2013 06:33:11 Removed Live! Cam Avatar
31-10-2013 00:43:58 Scheduled Checkpoint
08-11-2013 22:32:27 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {096E95ED-E06E-4EB1-84FD-570A90C0FDDE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA => C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-10] (Facebook Inc.)
Task: {4875B650-EAD0-444E-B39A-CFB8232A8881} - \EPUpdater No Task File
Task: {518CB141-C80C-4910-8BFB-B5C654D0FE64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {56D1AB56-0429-4565-B369-BC0932966931} - \Express FilesUpdate No Task File
Task: {857F3793-7F9E-4F04-B7DB-BF865D6CC5D1} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2013-05-28] (National Instruments)
Task: {9669799C-2A1E-498C-8C81-C26F7A901D8D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core => C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-10] (Facebook Inc.)
Task: {976F7CEF-5888-4749-A85F-407A35580953} - \GoforFilesUpdate No Task File
Task: {B1A02AE0-917F-4B3F-B648-8523139DCA92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D2FCC226-8914-4374-8925-1C3A283F83AB} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
Task: {D8270F1F-8F5C-477C-A76F-96CADEE5156C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DDE1CCB9-CAC7-45C5-A08A-4806AB82CE42} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core.job => C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA.job => C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-23 12:33 - 2010-12-23 12:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-05-20 14:32 - 2010-12-16 23:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-05-21 15:05 - 2011-10-26 16:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-04 16:43 - 2012-10-04 16:43 - 02214912 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtCore_2012.dll
2012-10-04 16:43 - 2012-10-04 16:43 - 08044544 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtGui_2012.dll
2012-01-26 09:36 - 2012-01-26 09:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
2012-05-29 17:07 - 2012-05-29 17:07 - 01958560 _____ () C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
2013-03-13 15:48 - 2013-03-13 15:48 - 24978944 _____ () C:\Users\Carrie\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-17 13:22 - 2013-08-17 13:22 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll
2013-05-20 14:42 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 3992.93 MB
Available physical RAM: 2531.78 MB
Total Pagefile: 7984.05 MB
Available Pagefile: 6336.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:365.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 32BC79BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
























OTL

OTL logfile created on: 11/9/2013 12:20:51 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carrie\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 63.62% Memory free
7.80 Gb Paging File | 6.20 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 365.25 Gb Free Space | 78.44% Space Free | Partition Type: NTFS

Computer Name: CARRIE-PC | User Name: Carrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/11/08 15:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carrie\Desktop\OTL.exe
PRC - [2013/10/07 18:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/20 22:53:02 | 000,335,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Carrie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/07 21:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2012/06/05 22:56:56 | 000,169,192 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
PRC - [2012/06/05 13:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2012/06/05 13:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2012/06/05 12:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2012/05/31 15:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2012/05/29 17:07:20 | 000,659,648 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
PRC - [2012/05/22 22:50:12 | 000,051,360 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2012/05/22 08:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2012/05/22 08:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
PRC - [2011/05/06 14:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2010/12/15 09:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 11:46:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 11:45:55 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/09 11:45:39 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/13 08:09:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/17 13:22:18 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll
MOD - [2013/08/17 13:15:13 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/17 13:14:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/17 13:14:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/10 10:31:11 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll
MOD - [2013/07/10 08:10:49 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Carrie\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Carrie\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/05/29 17:07:20 | 001,958,560 | ---- | M] () -- C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
MOD - [2012/01/26 09:36:18 | 000,278,528 | R--- | M] () -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
MOD - [2010/12/15 09:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/22 08:38:20 | 000,076,488 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64)
SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/07 18:43:40 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/08 22:47:06 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 21:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2012/06/05 22:56:56 | 000,169,192 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2012/06/05 13:09:58 | 000,370,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2012/06/05 13:07:08 | 000,060,568 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2012/06/05 12:58:56 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2012/05/31 15:51:58 | 000,258,776 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2012/05/22 22:50:12 | 000,051,360 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2012/05/22 08:39:06 | 000,053,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2012/05/22 08:38:06 | 000,053,960 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2012/05/18 12:25:58 | 000,139,488 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)
SRV - [2011/05/06 14:08:28 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010/12/03 14:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/03 14:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/02 09:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/08 10:51:24 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/25 20:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/09/08 21:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/02 09:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 09:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 09:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 09:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 21:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/09 23:05:00 | 000,088,576 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cymfltr.sys -- (cymfltrService)
DRV:64bit: - [2012/03/09 23:05:00 | 000,014,336 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cykbfltr.sys -- (cykbfltrService)
DRV:64bit: - [2012/03/09 23:04:58 | 000,125,440 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cyhid.sys -- (cyhid)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/07 05:49:38 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/01/05 20:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/01/04 12:31:16 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/01/03 13:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/17 00:39:10 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/13 08:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/07 18:43:40 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 07:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/08/20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}:1.25
FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.6.1123.78
FF - prefs.js..extensions.enabledAddons: [email protected]:14.2.0.1
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carrie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)


[2011/09/06 08:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Extensions
[2013/11/08 23:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\pyifsapr.default\extensions
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.6.1123.78\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\CARRIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PYIFSAPR.DEFAULT\EXTENSIONS\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Carrie\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Carrie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Carrie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Carrie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement Web App = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Bejeweled = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: YouTube = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Digital Clock CE-7 = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceppoilemjnhfdbkekhcnagmfnhokjgm\1.2_0\
CHR - Extension: Google Search = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Calculator = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja\3.5.2_0\
CHR - Extension: Google Calendar = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: Digital Clock = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: AdBlock = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0\
CHR - Extension: Awesome Weather Widget [ANTP] = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc\2013.105.3.0_0\
CHR - Extension: My Browser Page = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg\1.0_0\
CHR - Extension: Poppit = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Awesome New Tab Page = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.122.3.1_0\
CHR - Extension: Quick Note = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.0_0\
CHR - Extension: Gmail = C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NI Update Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Carrie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.153.5.248 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94D528B1-0E97-4BAF-B78A-874D6C0C897A}: DhcpNameServer = 128.153.5.248 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{663468f6-c199-11e2-aedc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{663468f6-c199-11e2-aedc-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O33 - MountPoints2\{8551c57e-c185-11e2-ae36-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8551c57e-c185-11e2-ae36-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Carrie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Carrie\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/09 00:04:24 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/09 00:03:53 | 001,957,098 | ---- | C] (Farbar) -- C:\Users\Carrie\Desktop\FRST64.exe
[2013/11/09 00:03:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/09 00:02:56 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Carrie\Desktop\JRT.exe
[2013/11/08 23:38:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/08 18:04:42 | 000,000,000 | ---D | C] -- C:\Users\Carrie\Desktop\Virus
[2013/11/08 15:43:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carrie\Desktop\OTL.exe
[2013/11/07 13:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/07 13:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/07 13:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/07 13:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/07 13:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/11 21:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2013/11/09 00:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/09 00:06:49 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 00:06:49 | 000,021,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 00:03:54 | 001,957,098 | ---- | M] (Farbar) -- C:\Users\Carrie\Desktop\FRST64.exe
[2013/11/09 00:03:50 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/09 00:03:50 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/09 00:03:50 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/09 00:02:57 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Carrie\Desktop\JRT.exe
[2013/11/08 23:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/08 23:59:09 | 3140,169,728 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/08 23:38:32 | 001,073,262 | ---- | M] () -- C:\Users\Carrie\Desktop\AdwCleaner.exe
[2013/11/08 21:36:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA.job
[2013/11/08 15:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carrie\Desktop\OTL.exe
[2013/11/08 00:36:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core.job
[2013/11/07 13:32:56 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2013/11/08 23:38:31 | 001,073,262 | ---- | C] () -- C:\Users\Carrie\Desktop\AdwCleaner.exe
[2013/11/07 13:32:56 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/15 15:50:42 | 000,143,058 | ---- | C] () -- C:\Windows\hpwins28.dat
[2013/07/15 15:50:42 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2013/05/22 21:54:52 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/21 15:28:56 | 000,145,734 | ---- | C] () -- C:\Users\Carrie\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist
[2013/05/21 15:28:56 | 000,000,491 | ---- | C] () -- C:\Users\Carrie\AppData\Roaming\com.kennettnet.MusicRescue4.plist
[2013/05/21 15:24:57 | 000,009,728 | ---- | C] () -- C:\Users\Carrie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/21 15:24:37 | 000,196,384 | ---- | C] () -- C:\Users\Carrie\7.jpg
[2013/05/21 15:24:37 | 000,123,626 | ---- | C] () -- C:\Users\Carrie\1.jpg
[2013/05/21 15:24:37 | 000,113,443 | ---- | C] () -- C:\Users\Carrie\6.jpg
[2013/05/21 15:24:37 | 000,100,824 | ---- | C] () -- C:\Users\Carrie\19.jpg
[2013/05/21 15:24:37 | 000,090,172 | ---- | C] () -- C:\Users\Carrie\5.jpg
[2013/05/21 15:06:01 | 000,199,313 | ---- | C] () -- C:\Users\Carrie\29.jpg
[2013/05/21 15:06:01 | 000,180,290 | ---- | C] () -- C:\Users\Carrie\24.jpg
[2013/05/21 15:06:01 | 000,091,749 | ---- | C] () -- C:\Users\Carrie\20.jpg
[2013/05/21 15:06:01 | 000,090,223 | ---- | C] () -- C:\Users\Carrie\38.jpg
[2013/05/21 15:06:01 | 000,085,585 | ---- | C] () -- C:\Users\Carrie\28.jpg
[2013/05/21 15:06:01 | 000,077,340 | ---- | C] () -- C:\Users\Carrie\32.jpg
[2013/05/21 15:06:01 | 000,049,743 | ---- | C] () -- C:\Users\Carrie\23.jpg
[2013/05/20 15:13:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2013/05/20 15:13:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013/05/20 14:33:52 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/05/20 14:33:51 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/05/20 14:33:49 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/05/23 13:50:42 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000BPKT-22PK4T0
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 105906176
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/08/17 21:38:58 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Adobe
[2013/05/16 13:09:22 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Apple Computer
[2013/02/22 17:28:28 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Autodesk
[2013/09/19 13:00:13 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\AVG2014
[2013/05/24 23:40:23 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Creative
[2013/05/21 15:28:51 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\CyberLink
[2013/05/22 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\cypress
[2013/06/03 21:50:50 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Dell
[2013/11/09 00:02:16 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Dropbox
[2013/05/21 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Google
[2011/08/11 21:07:00 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\HP
[2011/12/16 15:28:50 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\HpUpdate
[2013/05/21 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Identities
[2013/05/20 14:41:52 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\InstallShield
[2011/07/25 13:50:14 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Intel
[2013/05/20 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Intel Corporation
[2012/12/21 17:24:58 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Intuit
[2011/07/25 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Macromedia
[2011/07/29 18:01:58 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Malwarebytes
[2013/05/21 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\MathWorks
[2010/11/21 02:16:58 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Media Center Programs
[2013/10/05 20:18:39 | 000,000,000 | --SD | M] -- C:\Users\Carrie\AppData\Roaming\Microsoft
[2013/03/07 12:33:30 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Mozilla
[2012/01/18 17:43:06 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Octoshape
[2013/05/21 15:28:59 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\ooVoo Details
[2011/07/25 13:58:24 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Opera
[2013/06/03 21:48:28 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\PCDr
[2012/12/27 23:39:36 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Real
[2013/05/24 23:40:34 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Reallusion
[2012/12/28 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\RealNetworks
[2013/05/21 15:28:59 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Roxio
[2013/05/21 15:28:59 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Roxio Burn
[2013/11/02 14:09:50 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Skype
[2013/05/21 15:05:50 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\TeraCopy
[2013/05/24 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\tmp
[2013/05/21 14:35:56 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\TuneUp Software
[2013/05/21 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\U3
[2013/09/02 15:41:45 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\vlc
[2013/05/21 15:29:01 | 000,000,000 | ---D | M] -- C:\Users\Carrie\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/20 22:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2013/09/06 21:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[2010/11/20 22:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2013/09/07 21:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
[2013/09/07 21:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[2013/09/06 21:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
[2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 22:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 22:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2012/10/03 12:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/20 22:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 22:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 22:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 22:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is C8E9-0EBE
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Carrie
05/20/2013 02:11 PM <JUNCTION> Application Data [C:\Users\Carrie\AppData\Roaming]
05/20/2013 02:11 PM <JUNCTION> Cookies [C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Cookies]
05/20/2013 02:11 PM <JUNCTION> Local Settings [C:\Users\Carrie\AppData\Local]
05/20/2013 02:11 PM <JUNCTION> My Documents [C:\Users\Carrie\Documents]
05/20/2013 02:11 PM <JUNCTION> NetHood [C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/20/2013 02:11 PM <JUNCTION> PrintHood [C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/20/2013 02:11 PM <JUNCTION> Recent [C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Recent]
05/20/2013 02:11 PM <JUNCTION> SendTo [C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\SendTo]
05/20/2013 02:11 PM <JUNCTION> Start Menu [C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu]
05/20/2013 02:11 PM <JUNCTION> Templates [C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Carrie\AppData\Local
05/20/2013 02:11 PM <JUNCTION> Application Data [C:\Users\Carrie\AppData\Local]
05/20/2013 02:11 PM <JUNCTION> History [C:\Users\Carrie\AppData\Local\Microsoft\Windows\History]
05/20/2013 02:11 PM <JUNCTION> Temporary Internet Files [C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Carrie\Documents
05/20/2013 02:11 PM <JUNCTION> My Music [C:\Users\Carrie\Music]
05/20/2013 02:11 PM <JUNCTION> My Pictures [C:\Users\Carrie\Pictures]
05/20/2013 02:11 PM <JUNCTION> My Videos [C:\Users\Carrie\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 391,930,908,672 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.EONSZXO5DELRCWB6WNVHLJNTKQ\InstallInfo\\ReinstallCommand: "C:\Users\Carrie\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/02/28 18:08:22 | 001,274,832 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.EONSZXO5DELRCWB6WNVHLJNTKQ\InstallInfo\\HideIconsCommand: "C:\Users\Carrie\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/02/28 18:08:22 | 001,274,832 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.EONSZXO5DELRCWB6WNVHLJNTKQ\InstallInfo\\ShowIconsCommand: "C:\Users\Carrie\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/02/28 18:08:22 | 001,274,832 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.EONSZXO5DELRCWB6WNVHLJNTKQ\shell\open\command\\: "C:\Users\Carrie\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/02/28 18:08:22 | 001,274,832 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013/05/20 15:54:11 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013/05/20 15:54:11 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013/05/20 15:54:11 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/09/22 05:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/09/22 05:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.EONSZXO5DELRCWB6WNVHLJNTKQ\InstallInfo\\ReinstallCommand: "C:\USERS\CARRIE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/02/28 18:08:22 | 001,274,832 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.EONSZXO5DELRCWB6WNVHLJNTKQ\InstallInfo\\HideIconsCommand: "C:\USERS\CARRIE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/02/28 18:08:22 | 001,274,832 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.EONSZXO5DELRCWB6WNVHLJNTKQ\InstallInfo\\ShowIconsCommand: "C:\USERS\CARRIE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/02/28 18:08:22 | 001,274,832 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.EONSZXO5DELRCWB6WNVHLJNTKQ\shell\open\command\\: "C:\USERS\CARRIE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/02/28 18:08:22 | 001,274,832 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/05/20 15:54:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/05/20 15:54:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/05/20 15:54:10 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/22 05:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/22 05:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 22:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 20:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2010/11/21 02:06:24 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 20:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 16:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 16:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 16:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 16:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 16:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 16:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 16:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2010/11/21 02:06:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >



EXTRAS

OTL Extras logfile created on: 11/9/2013 12:20:51 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carrie\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 63.62% Memory free
7.80 Gb Paging File | 6.20 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 365.25 Gb Free Space | 78.44% Space Free | Partition Type: NTFS

Computer Name: CARRIE-PC | User Name: Carrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.EONSZXO5DELRCWB6WNVHLJNTKQ] -- C:\Users\Carrie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Users\Carrie\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Users\Carrie\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8B1B5056-C179-40BB-9519-6BE35C758D8C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A861677F-177D-45E9-929D-04AC30084BE0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = lport=3580-3581 | protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = lport=3580-3581 | protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B6EB940-0BF5-4A23-8191-D03ACE0D1DB3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{12A7236C-0039-462D-BFF4-0DC420220C55}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{146FAA58-20C4-494A-AB8E-05A8176A3F69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{1ADF2BDC-1653-426A-B8B4-A8F23AD96346}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1DD96EFD-647F-427A-83CD-A669A0A3EE87}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{22EC3136-CADE-4416-9D77-F40268D55AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe |
"{247E53F1-4AFA-47AE-BBB0-A7C855E802FB}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{250CEA21-144B-4795-89F1-2722BC8E6B66}" = dir=in | app=c:\users\carrie\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{255782D5-BA21-420B-BB1E-D37C7B958143}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{330116C7-7FD3-415C-94DD-297828E8CFE3}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{34433C35-DBFC-4A67-BE20-EF8E0CEF597A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe |
"{3E45F281-491C-4EF3-8E36-DD942780AD81}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{402DA793-2400-44D5-98E1-0E2494BA99FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{41E6BBD2-C572-453F-8705-64B779A2FA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{4CDAB9C4-7D86-4E7C-AB63-EA6DACE181D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4EF68BDE-0739-4F8B-B36E-4B89188E6987}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{60969B7E-3E41-479E-829A-E44AC06D942F}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{68489F1F-464B-4F31-8F71-53427789E853}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{6DC1D14B-95AF-400B-994B-0F598C8056B9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6FEC3937-D22E-4520-8093-7F3102B4C836}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{700B1453-0A88-406A-8558-E59666992B4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70C4E51F-ED71-4F0A-929E-79EB3CD82098}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{7A56CBF1-4136-44B7-827C-F65F6B9F119A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{84EA22E5-3C81-4F6C-9E98-40A99889EBF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9AD99CE9-01F2-4BA7-B2AD-34AF084A669F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A3B3CB85-26AA-4C74-A138-E5A4407E0DFB}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{A40D82E9-DE48-4B41-BA0B-532133ED7F1B}" = dir=in | app=c:\users\carrie\appdata\local\temp\hp\oj4500vg510n-z_basic_13_en\setup\hpznui40.exe |
"{A91E0BA0-B835-40F1-A413-76E9621F0780}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{AC8BE84D-B6DC-4339-8100-F1937316BB21}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{AD64CCC9-C3E1-4DF1-B07E-A6512D06FF6F}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{B4015A2B-03AA-45CD-AB7F-82A4429B84E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{C7684F40-6ABA-42E9-943F-FB06564420FC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CDC28A86-F54C-4B8E-A3EB-87337374E223}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{CEA569B9-0E4E-4B48-8332-85F1EA69FDF8}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{D6599B12-A178-48B5-884A-3CAF45F5274D}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{E47E2283-1F73-483A-91F9-4D2030A70B5C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{E601A24C-B4B0-4459-A8CF-D2522F6D2599}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{EF0C3BAC-2FDD-4399-9578-6C247FD24184}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{FD99EEAE-C651-4802-A52D-C10CC91C3090}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000A570E-F926-4808-956C-A57EE91B75F6}" = NI TDM Streaming 2.4 (64-bit)
"{00606A59-716C-484A-AE64-5F7E3F23B3BD}" = NI GMP Windows 64-bit Installer 12.0.0
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{07E00E94-7A78-40FA-9BEF-71C190E98041}" = NI VC2008MSMs x64
"{0C2486A3-EF0D-4C6C-9947-C63D6E8C6E4C}" = NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
"{0EA4894B-C99B-48E4-976A-94B55CB89239}" = NI MXS 5.3.0 for 64 Bit Windows
"{176468CE-41AB-4A9A-AC38-45A146D39688}" = NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
"{197B80EB-D791-4DA4-9398-B5F029738E22}" = NI System State Publisher (64-bit)
"{1D005A51-8EA5-42F8-B37B-FD30FEEF0D04}" = AVG 2014
"{1E0A5B20-9D36-4861-BEF8-9B9B4C278218}" = NI TDM Excel Add-In 3.4 64-bit
"{20F3F8E0-7CCF-4A4E-A23C-58B188E87F4F}" = NI System Configuration Runtime 5.3.0 for Windows 64-bit
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{25DECAB0-6580-4B9C-8174-5AC6C9E2D823}" = NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
"{28324488-BF50-488F-BE40-6ED3CFA40C26}" = NI Variable Engine (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{32C65538-80DA-41C9-B990-EED4D260B50F}" = NI System API Windows 64-bit 5.3.0
"{3F7CDE88-3B1B-42C1-ACDF-05720E0B04BB}" = NI Web Application Server 12.0 (64-bit)
"{41B541B6-3518-4343-8A67-46FF9A4AA1A3}" = NI USI 2.0.0 64-Bit
"{45A790D5-C7EB-4BE0-B71A-10C550844AF6}" = NI Portable Configuration for 64 Bit Windows 5.3.0
"{46EF0477-FBC0-47D4-B9B6-81DB345C18E9}" = NI Network Discovery 5.3 for Windows 64-bit
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel® PROSet/Wireless WiFi Software
"{4DD08E99-6FC1-4188-9A2E-0AF968279E41}" = NI mDNS Responder 2.1 for Windows 64-bit
"{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI Xerces Delay Load 2.7.3 64-bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{58A9B4F6-2E67-464A-9F71-95F6D7159702}" = NI Math Kernel Libraries (64-bit)
"{5A59ABAE-5F06-4241-B607-6376C29F9F31}" = NI Logos64 XT Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{774510C7-E6AC-4ECB-ACEF-D5284FED4D0A}" = NI-RPC 4.3.0f0 for 64 Bit Windows
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{824088E6-2B7A-4CD3-9835-D2AE8BB55EBF}" = NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5
"{86F88524-6AF8-4D10-9F3C-AFB0DA2A3F39}" = NI ActiveX Container (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8CF8CB9F-1FF7-4029-8B3D-9A40100B4A09}" = NI Logos 5.4 (64-bit)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9C10623C-BF56-4D66-8F1F-B2D667E44986}" = NI System Web Server Base 12.0.0 (64-bit)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A7DE0CB6-DE87-4065-9596-5A1E9FED3297}" = NI Assistant Framework 64-bit
"{ACA45A9D-5C68-429F-AE87-0F2917136FCC}" = NI SSL Support (64-bit)
"{AFC5A844-CA3A-4566-89E7-3E24E6AFF9A3}" = NI VC2010SP1MSMs x64
"{AFE7987B-E282-42CE-AD5A-E333BE31E204}" = NI Curl 12.0.0 (64-bit)
"{B618335B-11D2-4780-B5CE-AA2D111DB693}" = NI Authentication 12.0.0 (64-bit)
"{B9254715-D10D-4B4B-B002-54CBA61E6F64}" = NI LabVIEW Broker (64 bit)
"{B9293F41-3CB1-4E86-9523-010F8ACB782D}" = NI Xalan Delay Load 1.10.2 64-bit
"{BD432073-6A5D-4F0F-8952-43B3C21A31C3}" = NI Trace Engine (64-bit)
"{BE2DC247-C185-4EC2-840F-484B46AA1B0E}" = NI MAX Remote Configuration 64-bit Installer 5.3
"{C3D647DC-7317-41F3-A8DB-CC6B98239C6E}" = NI MAX Support for 64 Bit Windows
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{D754C95D-A80F-471C-819B-EEEDD07C9B0A}" = NI-Mesa
"{DABB1D70-482A-4B92-8B24-052AD650A2B0}" = NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
"{DCEF4AB3-3E07-4517-9A92-9599C903E32B}" = NI DataSocket 5.0 (64-bit)
"{DDAAADDD-C57E-4731-A29C-133191587488}" = NI Help Assistant 2.0 (64bit)
"{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014
"{E3E3E625-8F74-44CE-A6D2-C31CB43DA23D}" = NI VC2005MSMs x64
"{E3EB4126-0930-4926-B135-1F85452E7975}" = Math Kernel Libraries (64-bit)
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F27CFD16-939A-4232-98CD-180898D14713}" = HP Officejet 4500 G510n-z
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCA2E817-8584-43EF-ABCA-05514305F0C6}" = NI Update Service 2.3 (64-bit)
"AVG" = AVG 2014
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"TeraCopy_is1" = TeraCopy 2.27

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00205043-EF6B-4676-8700-C4CA79AF38CB}" = NI Remote PXI Provider for MAX 5.3.0
"{01C0F5DE-BF22-43B9-B7D9-7915B32F71F1}" = NI LabVIEW Run-Time Engine 2012 f3
"{036C09F0-1423-4097-9720-D9E034CFF50A}" = NI Web Application Server 12.0
"{0426182B-4CE3-4F93-93ED-22C1B99B794D}" = NI License Manager
"{075CA8A9-25A1-4EA7-885C-8A92AED7DB3A}" = NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{10C2A6F0-6700-4D31-AC24-D0D5100B79CC}" = NI Network Discovery 5.3
"{11AABEE9-3FC1-49A9-BA67-D49BD0FEC39A}" = NI LabVIEW 2012 License
"{1289A4EC-A5C8-48A0-AF39-0E49F716C20F}" = NI Customer Experience Improvement Program
"{1325DEDB-4EA5-45EF-85A7-A01D58BB9420}" = NI-DAQmx/LabVIEW shared documentation 9.5.5
"{143CCCB0-7075-4957-9318-FD4CCD457572}" = NI System Configuration LV2012 Support 5.3.0
"{166B0BE3-4A53-4E18-B967-DEF63795DB75}" = NI Software Provider for MAX 5.3.0
"{16926780-AA4D-4BC0-ADBD-E8D17D0F63A2}" = NI System API Windows 32-bit 5.3.0
"{1B134E1D-FD88-44EE-AD47-E41D023F913C}" = NI LabVIEW 2012 (32-bit)
"{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver
"{1CD7BB88-C496-4484-A309-6F2F84814416}" = NI Web Interface Framework 2012
"{1D78A81A-58D9-46F7-BFF6-ADF7247803F9}" = NI LabVIEW Run-Time Engine 2011 SP1
"{231D0E11-0313-49FD-95CE-1D0264C7F1F5}" = NI Math Kernel Libraries
"{24539AF1-51B2-4322-B3D7-BF4E5FA556F8}" = NI LabVIEW Run-Time Engine Interop 2012
"{25A0DCD9-84D7-47A2-A139-C3BCC43CD59A}" = NI System API Web-Servce 32-bit 5.3.0
"{25CDAF24-F25B-402D-A7C7-B0B73C66A6FD}" = NI LabVIEW 2012 MeasAppChm File
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{27B67D4C-407D-43FF-BCDE-B9E3208070E3}" = NI LabVIEW 2012 Deployment Framework
"{28D398A0-EA5E-462F-94D0-3176B11F83AD}" = NI LabVIEW 2012 Run-Time Engine Web Server
"{2A8F9255-F4AB-4a37-8F39-7C6E15B5158B}" = 4500G510nz_web
"{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
"{2CB15350-C073-4A5B-A706-59E1F69DE11C}" = NI Xalan Delay Load 1.10.2
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F64AB3D-540C-44FF-ABB6-6A2E6CF8B8A5}" = NI Instrument IO Assistant for LabVIEW 2012 32-bit
"{3246360A-10B4-4604-8C84-609F526A9A74}" = NI LabVIEW 2012 Search
"{33F298F6-BE62-4294-A5E4-01DED9E7614B}" = NI LabVIEW 2012 (32-bit)
"{36D68CEE-1AC5-47E1-A269-791683DE53D0}" = NI NI LabVIEW 2012 Run-Time Engine Non-English Support.
"{38300A40-AB90-444D-A823-17EB95A5C731}" = NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
"{38930905-CC7D-457D-963E-FD2B0F3CC24A}" = NI LabVIEW 2012 (32-bit)
"{39E63436-773B-4294-9C19-E4E5941A6C69}" = NI Logos 5.4
"{3A1E27A9-C447-484E-9A9B-B23864DB1316}" = Microsoft Silverlight 5.1
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E8FE46A-2A04-4328-A873-6E0ADC91FE8A}" = NI LabVIEW 2012 Real-Time Error Dialog
"{3F0B4C33-6958-43B9-8493-C6E6D4A3565B}" = NI USI 2.0.0
"{4128842C-D299-4ADE-84A7-AB923079DE94}" = NI LabVIEW Merge Utility 12.0.0
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41F6CA61-82CB-4615-9A97-252C5D58FA4B}" = NI LabWindows/CVI Run-Time Engine 2010 SP1
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{442971F2-D1CF-4859-B0AD-167F2BDDC9EA}" = NI LabVIEW 2012 Deployable License
"{454BB334-669A-4F08-B3A5-873327176A7A}" = NI Variable Engine LabVIEW 2012 Support
"{45CD454E-EA23-466B-8AB8-2F3002C7D532}" = NI Search Shared
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{476FEE82-F90C-4F79-AFE4-AD0FA128C71F}" = NI Uninstaller
"{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B877FC6-F44C-4B39-B0B6-CE15ADC63997}" = NI VC2005MSMs x86
"{4C146083-2C71-4C64-A4AD-5E340E177E63}" = NI ActiveX Container
"{4C16E76C-7A4D-48E7-9E5E-B76B357C014E}" = Math Kernel Libraries
"{4C7AB285-CE33-459F-AB26-0E2DBCCDA2D7}" = NI Trace Engine
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{50F728C0-9A37-4868-B9E1-42565C228B12}" = Reset NI Config 5.0.0
"{526FED3E-499E-4989-B9F9-207E2FE425AA}" = NI SSL Support
"{54AC24BA-DF2F-492F-8A28-C60B0CAD48EB}" = NI Measurement & Automation Explorer 5.3.0
"{570AFAC0-96B1-4491-B24B-6D251C52AFA4}" = NI System Web Server 12.0
"{59DA8C21-C667-47D0-A259-AA942C9A9717}" = NI Curl 12.0.0
"{5A6C68D9-FDCB-4675-A95A-CD908D103614}" = NI TDM Streaming 2.4
"{5AEBB67E-812E-43BC-B029-CD83DBA7CE30}" = NI LabWindows/CVI 2010 SP1 Code Generator
"{5BFCB0ED-0539-4C0E-B1CC-EA8AB45B5348}" = NI MDF Support
"{5CC95D76-A798-4722-AE76-E494D9664907}" = NI .NET Framework 4.0
"{5DA2E9EF-3CAA-495F-AB2C-55F39FF9EA39}" = NI SSL LabVIEW RTE 2012 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66779CC0-03E8-42E2-9781-E8B05FB166BF}" = NI LabVIEW 2012 (32-bit)
"{6B9F789C-1D28-44D5-BCCE-7CCDBFB14B79}" = NI LabVIEW Run-Time Engine Interop 2011
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DCB11A2-D051-4FF2-BCE0-2248032DE850}" = NI LabVIEW 2012 Scripting Code Generator
"{6E22CE6C-3F93-4B52-9D4D-BE9BEA3C3B23}" = NI Portable Configuration 5.3.0
"{6E648051-E2C7-4C24-BE4D-055B174B345F}" = NI LabVIEW 2012 Help
"{6EA7B5DD-BE0E-4678-8BD1-E0415C0B59A8}" = NI LabVIEW 2012 (32-bit)
"{6F7B933C-55A2-4F8A-BFA5-BF98CBD61C24}" = NI mDNS Responder 2.1.0
"{72AEEFF2-F258-4DCA-AFAE-441AC6CEBA2F}" = NI LabVIEW 2012 Help File
"{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
"{78783E82-40B4-46EE-9EDF-9C501E057326}" = NI LabVIEW 2012 (32-bit)
"{7888F38C-E534-473D-B029-562173EEA2C8}" = NI-Mesa
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A2388A-6FCC-404D-A860-8D2F74844821}" = NI VIPM Helper 2012
"{7B03B9AF-9BC4-4510-971C-375D6352923E}" = WIF Core Dependencies Windows 5.3.0
"{7C6869BF-6CBE-4CB0-8869-2743B419343C}" = NI LabVIEW 2011 Real-Time NBFifo
"{7FB07065-F547-448A-A1C3-1F2EF5EB834F}" = NI LabWindows/CVI 2010 SP1 Network Variable Library
"{80FB7EBE-F006-41D4-A288-FA960645E6C0}" = NI DataSocket 5.0
"{843BD817-4551-451C-AB7A-EF113BF9C036}" = 4500_G510nz_Help_Web
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{889318AA-C95A-4ED8-94A9-067093DEC808}" = NI System Configuration Runtime 5.3.0
"{88A77AEA-B52C-4D59-858E-51DD450848DE}" = NI Logos XT Support
"{89CFE5F0-DF10-4B2D-9A47-275F3FBE6B03}" = NI Launcher
"{8FBAA717-6C1C-4BA1-B446-AA5118BA6401}" = NI Update Service 2.3
"{8FF8CB08-4E26-4425-9032-BE381589E25A}" = NI Example Finder 12.0
"{92F7027F-BEDE-4E87-B18A-A12E3C4A2A96}" = NI Logos LabVIEW 2012 Support
"{944AE87D-38B2-4D09-B9D3-068C2BA6265B}" = NI System API Client for WIF 5.3.0
"{94AEBDCC-159F-4CBB-ABDE-B16483D2CF6C}" = NI LabWindows/CVI 2010 SP1 Analysis Library
"{97A47220-6DF7-45A5-A766-59EF36E1F600}" = NI-RPC 4.3.0f0
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9CD98CEE-3271-4F0E-9C06-75A1EE9E103F}" = NI TDM Excel Add-In 3.4
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{9E5E2BB1-C3D2-4A3A-8F9C-2CF0D667914F}" = NI LabVIEW Compare Utility 12.0.0
"{A06A7065-FCA1-4D3C-BE65-2837ACCB135D}" = NI LabWindows/CVI 2010 SP1 TDM Streaming Library
"{A0D847A9-A042-48F9-A108-FA3BF96B9D6F}" = NI SLCP 1.0
"{A5133B4F-1D06-408C-95B8-51A5A8B62413}" = NI LabVIEW 2012 (32-bit)
"{A68CCA86-A2CC-41EF-A9F0-50C5FAA9A04C}" = NI Assistant Framework
"{A74D70DD-5A29-4111-9D65-F264A3D0AFF8}" = NI EulaDepot
"{ABC5023C-638C-4E52-A78F-991A5F04F1D7}" = NI MAX Remote Configuration Installer 5.3
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{ACC9DFD9-9DC5-4507-8469-E8A8F5035B9C}" = NI Assistant Framework LabVIEW Code Generator 2012
"{ADBE33A8-0634-4184-AE02-DC85F1745551}" = NI Distributed System Manager 2012
"{AED17FC7-86C3-47BE-84F9-9F078F522770}" = NI System State Publisher
"{AFB0647D-9FEB-4B4C-BD6C-5D68D6F583DB}" = NI System Configuration 5.3.0 LabVIEW Support
"{B3137CC2-0CC4-4763-B38A-AC0ACEE27740}" = NI-RPC 4.3.0f0 for Phar Lap ETS
"{B4A772D4-ED42-4484-8C0E-663A52D07A2F}" = NI LabVIEW 2012 Real-Time NBFifo
"{B4D7F809-ED68-49FD-A1A0-1C77FC956965}" = NI MXS 5.3.0
"{B54F04FD-1440-414B-9FBA-46AAC5B7115D}" = NI LabVIEW 2012 Manuals
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BCC373FE-227D-46D9-827F-05BA296E2602}" = NI LabVIEW Web Server for Run-Time Engine
"{C03C3B2C-6CA6-4134-8E5E-3381D6B19407}" = NI LabVIEW 2012 Simulation
"{C226D942-1BD2-47BB-8323-4190C9C17BD7}" = NI LabVIEW 2012 Web Server
"{C9690FF6-AD3E-43B0-A7FD-6D8A4C929D2C}" = NI System Web Server Base 12.0.0
"{C974EA9C-D8C0-42C3-80B9-3A164EA709F2}" = NI LabVIEW 2012 (32-bit)
"{C9A0D47F-9A68-4917-868C-79E384E4DEE6}" = NI Help Assistant 2.0
"{D31122C9-86AC-4ACD-859E-4B1D340E1D14}" = NI Error Reporting 2012
"{D4440B7D-5069-4A54-83CD-A0093A7E9001}" = NI LabVIEW Web Services Runtime
"{DAA441A4-464F-4E1C-96BC-697746F61482}" = NI LabVIEW 2011 SP1 Deployable License
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E1D39E62-6A6E-411E-A3FE-8D0C335DED1B}" = NI Remote Provider for MAX 5.3.0
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E2664099-6769-474F-A1C0-750AE5221B94}" = NI LabVIEW 2012 (32-bit)
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
"{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard
"{E84997A1-4D6F-4C0B-B60D-F85B360D2666}" = NI VC2008MSMs x86
"{E9592CCE-3058-4308-B52A-5AEA08E54F13}" = NI Authentication 12.0.0
"{EA9650DD-039A-4D72-8967-0FEEFDFB36B0}" = NI Variable Engine 2.6.0
"{EAC44648-E378-45C7-BEF3-3DD68980E465}" = NI GMP Windows 32-bit Installer 12.0.0
"{EBBAE791-A994-4EBC-8188-EA75B1F4AFF0}" = NI LabVIEW 2012 Variable Web Service
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2273FA7-117C-43D7-BD59-00B025535442}" = NI VC2010SP1MSMs x86
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F45CE5E8-4A60-4292-8FD5-1807DFEBE221}" = NI LabWindows/CVI 2010 LabVIEW DLL Builder
"{F5F0BFAE-3F87-40BA-9279-DE7621579CF8}" = NI OPC Support
"{F7FD3B06-9DF0-4AC4-8483-7538A7E913BA}" = NI MetaSuite Installer
"{F85B53F8-5DC5-49BB-90A2-3D6E3B866F5A}" = NI SSL LabVIEW 2012 Support
"{FE23C88C-30AD-42F3-90FD-36DB976314B7}" = NI LabVIEW 2012 f3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver
"MatlabR2011a" = MATLAB R2011a Student Version
"NI Uninstaller" = National Instruments Software
"VLC media player" = VLC media player 2.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2013 1:36:05 AM | Computer Name = Carrie-PC | Source = Google Update | ID = 20
Description =


< End of report >
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,999 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that




Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 21

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work. You should get a log. Please copy and paste it.
  • 0

#5
galgancl

galgancl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is:

FIXLOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Carrie at 2013-11-09 14:13:20 Run:2
Running from C:\Users\Carrie\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Facebook Update] - C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-10] (Facebook Inc.)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [97280 2009-07-13] ()
c:\progra~3\bitguard
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
C:\Users\Carrie\AppData\Local\Temp\BackupSetup.exe
C:\Users\Carrie\AppData\Local\Temp\htmlayout.dll
C:\Users\Carrie\AppData\Local\Temp\nsq19B2.exe
C:\Users\Carrie\AppData\Local\Temp\nsq31DC.exe
C:\Users\Carrie\AppData\Local\Temp\nsqCFD.exe
C:\Users\Carrie\AppData\Local\Temp\Quarantine.exe
C:\Users\Carrie\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Carrie\AppData\Local\Temp\SPID123413124.exe
C:\Users\Carrie\AppData\Local\Temp\SPID93341950.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar58171977.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar58172850.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar58253004.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar58647873.exe
C:\Users\Carrie\AppData\Local\Temp\toolbar93365241.exe
C:\Users\Carrie\AppData\Local\Temp\uninst1.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall133533969.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall133533985.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall133534001.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall58400908.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall58414153.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall58779975.exe
C:\Users\Carrie\AppData\Local\Temp\uninstall58788227.exe
C:\Users\Carrie\AppData\Local\Temp\vcredist_x64.exe
Task: {096E95ED-E06E-4EB1-84FD-570A90C0FDDE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA => C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-10] (Facebook Inc.)
Task: {4875B650-EAD0-444E-B39A-CFB8232A8881} - \EPUpdater No Task File
Task: {56D1AB56-0429-4565-B369-BC0932966931} - \Express FilesUpdate No Task File
Task: {9669799C-2A1E-498C-8C81-C26F7A901D8D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core => C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-10] (Facebook Inc.)
Task: {976F7CEF-5888-4749-A85F-407A35580953} - \GoforFilesUpdate No Task File
Task: {D2FCC226-8914-4374-8925-1C3A283F83AB} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
Task: {DDE1CCB9-CAC7-45C5-A08A-4806AB82CE42} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core.job => C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA.job => C:\Users\Carrie\AppData\Local\Facebook\Update\FacebookUpdate.exe

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
"c:\progra~3\bitguard" => File/Directory not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
"C:\Users\Carrie\AppData\Local\Temp\BackupSetup.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\htmlayout.dll" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\nsq19B2.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\nsq31DC.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\nsqCFD.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\setup_fsu_cid.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\SPID123413124.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\SPID93341950.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\toolbar58171977.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\toolbar58172850.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\toolbar58253004.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\toolbar58647873.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\toolbar93365241.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\uninst1.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\uninstall133533969.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\uninstall133533985.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\uninstall133534001.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\uninstall58400908.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\uninstall58414153.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\uninstall58779975.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\uninstall58788227.exe" => File/Directory not found.
"C:\Users\Carrie\AppData\Local\Temp\vcredist_x64.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{096E95ED-E06E-4EB1-84FD-570A90C0FDDE} => Key not found.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4875B650-EAD0-444E-B39A-CFB8232A8881} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56D1AB56-0429-4565-B369-BC0932966931} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9669799C-2A1E-498C-8C81-C26F7A901D8D} => Key not found.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{976F7CEF-5888-4749-A85F-407A35580953} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2FCC226-8914-4374-8925-1C3A283F83AB} => Key not found.
C:\Windows\System32\Tasks\YourFile DownloaderUpdate not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDE1CCB9-CAC7-45C5-A08A-4806AB82CE42} => Key not found.
C:\Windows\System32\Tasks\PCDEventLauncherTask not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask => Key not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000Core.job not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068136495-129375732-890116918-1000UA.job not found.

==== End of Fixlog ====

ASWMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-09 14:26:28
-----------------------------
14:26:28.228 OS Version: Windows x64 6.1.7601 Service Pack 1
14:26:28.228 Number of processors: 4 586 0x2A07
14:26:28.230 ComputerName: CARRIE-PC UserName: Carrie
14:26:29.958 Initialize success
14:28:30.464 AVAST engine defs: 13110901
14:28:47.890 The log file has been saved successfully to "C:\Users\Carrie\Desktop\aswMBR.txt"









COMBOFIX

ComboFix 13-11-07.01 - Carrie 11/09/2013 14:36:22.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3993.2624 [GMT -5:00]
Running from: c:\users\Carrie\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Carrie\20.jpg
c:\users\Carrie\23.jpg
c:\users\Carrie\24.jpg
c:\users\Carrie\28.jpg
c:\users\Carrie\29.jpg
c:\users\Carrie\32.jpg
c:\users\Carrie\38.jpg
c:\users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A750463-C760-4AE2-BB61-A929CAF573AD}.xps
.
.
((((((((((((((((((((((((( Files Created from 2013-10-09 to 2013-11-09 )))))))))))))))))))))))))))))))
.
.
2013-11-09 19:47 . 2013-11-09 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-09 19:24 . 2013-05-21 18:40 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-11-09 05:04 . 2013-11-09 05:04 -------- d-----w- C:\FRST
2013-11-09 05:03 . 2013-11-09 05:03 -------- d-----w- c:\windows\ERUNT
2013-11-09 04:38 . 2013-11-09 04:57 -------- d-----w- C:\AdwCleaner
2013-11-07 18:32 . 2013-11-07 18:32 -------- d-----w- c:\program files\iPod
2013-11-07 18:32 . 2013-11-07 18:32 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 18:32 . 2013-11-07 18:32 -------- d-----w- c:\program files\iTunes
2013-11-07 18:32 . 2013-11-07 18:32 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 07:39 . 2013-05-20 20:51 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 03:47 . 2013-05-21 18:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 03:47 . 2013-05-21 18:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-26 01:07 . 2013-09-26 01:07 148792 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-09-22 15:43 . 2013-10-09 08:22 17833984 ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 15:01 . 2013-10-09 08:22 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-09-22 14:42 . 2013-10-09 08:22 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 14:36 . 2013-10-09 08:22 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 14:33 . 2013-10-09 08:23 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 14:33 . 2013-10-09 08:22 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 14:30 . 2013-10-09 08:23 237056 ----a-w- c:\windows\system32\url.dll
2013-09-22 14:27 . 2013-10-09 08:23 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-22 14:23 . 2013-10-09 08:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 14:22 . 2013-10-09 08:22 816640 ----a-w- c:\windows\system32\jscript.dll
2013-09-22 14:21 . 2013-10-09 08:22 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 14:19 . 2013-10-09 08:23 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 14:19 . 2013-10-09 08:22 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-09-22 14:16 . 2013-10-09 08:23 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-09-22 14:15 . 2013-10-09 08:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-22 14:07 . 2013-10-09 08:23 248320 ----a-w- c:\windows\system32\ieui.dll
2013-09-22 10:22 . 2013-10-09 08:22 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 10:14 . 2013-10-09 08:22 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-09-22 10:13 . 2013-10-09 08:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 10:08 . 2013-10-09 08:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-09-22 10:06 . 2013-10-09 08:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-09-22 10:03 . 2013-10-09 08:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-14 01:10 . 2013-10-09 03:52 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-09 02:11 . 2013-09-09 02:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-08 02:30 . 2013-10-09 03:52 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 03:52 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 03:52 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 03:51 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 03:51 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 03:51 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 03:51 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 03:51 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 03:51 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 03:51 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-02 14:59 . 2013-09-02 14:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-02 14:29 . 2013-09-02 14:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-02 14:26 . 2013-09-02 14:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-02 14:26 . 2013-09-02 14:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-29 02:17 . 2013-10-09 03:52 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 03:51 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 03:51 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 03:51 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 03:52 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 03:51 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 03:51 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 03:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 03:51 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 03:51 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 03:51 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 03:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 03:51 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 03:51 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 03:51 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 03:51 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 03:52 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 03:51 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Carrie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Carrie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Carrie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2013-05-28 857888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Carrie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NI Error Reporting.lnk - c:\program files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2012-5-29 659648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys;c:\windows\SYSNATIVE\DRIVERS\cyhid.sys [x]
R3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cykbfltr.sys [x]
R3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cymfltr.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-21 03:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-07 525312]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 592240]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-15 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-15 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-15 418328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 128.153.5.248 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-09 14:51:19
ComboFix-quarantined-files.txt 2013-11-09 19:51
.
Pre-Run: 406,277,685,248 bytes free
Post-Run: 407,454,945,280 bytes free
.
- - End Of File - - AD8E5B69A37D23116D4B0AC72410A415
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,999 posts
  • MVP
I don't really see anything left. Are you still seeing signs of it?
  • 0

#7
galgancl

galgancl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
no, i have not had any pop ups or signs of it. would running a scan with my antivirus be ok to see if it still detects anything?
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,999 posts
  • MVP
Go ahead and do a scan with your anti-virus. You can also do one with ESET if you like tho it takes several hours:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
  • 0

#9
galgancl

galgancl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
there was no list of threats found. it found 0 threats/infected files and there was no option for that.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,999 posts
  • MVP
Unless you see other problems I think we are done and can clean up

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on. Go to adblockplus.org with each browser and get the add-on.

If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Close Chrome/Firefox. Hit Optimize. You can run it any time that Chrome/Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP