Malware /hidden boot partition HELP! [Solved]



#1
sallyw

I have a malware infection and need help removing it. I've been through the process before for other computers; now I need it for my own.

Symptoms: logged in and a blank screen greeted me. Never recovered; after several reboots finally got to Windows and the message "this is not genuine". Windows won't accept my activation.

Ran the FRST64 exe program, read the forum "how to" (run OTL), and included the OTL results below.

I don't know how it occurred, but it wasn't caught by Malwarebytes or Norton (available through Comcast). Both updated automatically. Scans scheduled weekly, with full scans weekly or monthly.

Malwarebytes ran successfully, but Norton would not work and will not re-install. Malwarebytes only ran when I clicked "run scanner" from the notification icon, so I'm not sure it actually did any analysis.

thx,
Sally

Removed FRST results and replaced with OTL results:

OTL logfile created on: 11/25/13 5:32:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

9.75 Gb Total Physical Memory | 7.82 Gb Available Physical Memory | 80.16% Memory free
19.50 Gb Paging File | 16.78 Gb Available in Paging File | 86.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.33 Gb Total Space | 431.34 Gb Free Space | 46.92% Space Free | Partition Type: NTFS
Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 4.58 Gb Free Space | 60.96% Space Free | Partition Type: FAT32

Computer Name: WIZARD | User Name: Wizard Associates | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/25 17:01:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2013/11/24 22:35:24 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2013/10/25 02:34:06 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/22 17:38:50 | 001,103,712 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/10/11 09:00:33 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/09/25 16:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/09/03 08:54:02 | 000,840,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/09/03 08:53:50 | 000,041,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Wizard Associates\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/23 15:41:26 | 005,019,824 | ---- | M] (Anagram Technologies) -- C:\Program Files (x86)\Anagram Technologies\Copy2Contact\Copy2Contact.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/17 22:10:08 | 000,248,704 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 13:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/24 22:33:42 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/11/24 22:33:42 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013/10/28 19:57:54 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/09/26 13:50:14 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2013/09/26 13:49:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 22:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/04/29 22:25:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/02/04 10:53:40 | 000,063,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/20 07:23:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/10/08 17:09:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/16 03:10:38 | 000,378,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/17 22:10:08 | 000,248,704 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 17:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/25 02:34:18 | 000,317,808 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/04/29 23:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 21:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 04:36:52 | 000,055,776 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012/06/29 01:23:42 | 000,321,992 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 13:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/09/14 20:44:26 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/09/14 20:44:26 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/09/14 20:44:23 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/09/14 20:44:14 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/04/21 17:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013/10/28 19:57:52 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,399,312 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/25 02:34:18 | 000,284,176 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}: "URL" = http://search.yahoo....psg&type=HPDTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bostonglobe.com/http:/ [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}
IE - HKCU\..\SearchScopes\{46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: nuance%40pdf7:1.0
FF - prefs.js..extensions.enabledAddons: %7B1b8cc170-8c85-11db-b606-0800200c9a66%7D:4.0.1
FF - prefs.js..extensions.enabledAddons: firefogg%40firefogg.org:309
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: seodoctor%40prelovac.com:1.6.2
FF - prefs.js..extensions.enabledAddons: %7Bc75a27d8-4529-449f-b67b-aba65d7a1c0a%7D:4.3
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: verticaltoolbar%40xuldev.org:0.5.1
FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.13
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.3.2%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.1
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.2
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: nuance@pdf7:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/10/04 13:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/20 07:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/20 07:23:02 | 000,000,000 | ---D | M]

[2010/10/20 19:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions
[2010/10/20 14:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/11/24 23:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions
[2013/10/14 16:17:08 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/08/20 18:50:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/04/29 12:54:51 | 000,000,000 | ---D | M] (Toggle Web Developer Toolbar) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c75a27d8-4529-449f-b67b-aba65d7a1c0a}
[2013/07/25 16:06:41 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/11/25 14:57:43 | 000,000,000 | ---D | M] (Firefogg) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/11/21 08:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\staged
[2013/11/21 08:15:35 | 002,212,154 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/03/31 14:57:50 | 000,069,940 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/12/02 19:31:47 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/09/18 11:53:37 | 000,362,568 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/08/13 15:51:42 | 000,109,265 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2011/12/15 16:53:21 | 000,166,750 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}.xpi
[2013/05/10 21:31:12 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/11/20 08:15:30 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\staged\[email protected]
[2013/11/20 07:17:29 | 000,004,183 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\searchplugins\blekko.xml
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/24 17:54:35 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- C:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2013/06/28 07:04:01 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/03 15:11:44 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/finance
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Users\Wizard Associates\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Users\Wizard Associates\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.3 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: DoNotTrackMe = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.2.9.813_1\
CHR - Extension: Google Drive = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1016_0\
CHR - Extension: Google Science Fair 2012 = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjibekncdookhijmkplhapjcfnglelcn\2.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\
CHR - Extension: Google Wallet = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Calendar Checker (by Google) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/20 08:41:19 | 000,003,960 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 66 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Do Not Track Me) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll (Abine Inc)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0\bin\ssv.dll File not found
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (AddThis Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.5.0\bin\jp2ssv.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Wizard Associates\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" File not found
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Do Not Track Me © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll (Abine Inc)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: staplesbolsteryourbottomlinegiveaway.com ([www] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://networkforgo...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{355106b4-3a4e-11e1-b080-d4856417b6a6}\Shell - "" = AutoRun
O33 - MountPoints2\{355106b4-3a4e-11e1-b080-d4856417b6a6}\Shell\AutoRun\command - "" = J:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/25 09:53:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/25 06:10:54 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Zemana
[2013/11/25 00:21:28 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/11/25 00:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\White_Sky,_Inc
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2013/11/24 23:09:20 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\ID Vault
[2013/11/24 23:08:30 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\ID Vault
[2013/11/24 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2013/11/24 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2013/11/24 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/11/24 22:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/11/24 13:37:47 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Desktop\coupons
[2013/11/20 07:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/13 22:27:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/13 22:27:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/13 22:26:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/13 22:26:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/13 22:26:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/13 22:26:57 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/13 22:26:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/13 22:26:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/13 22:26:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/13 22:26:57 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/13 22:26:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/13 22:26:53 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/13 22:26:52 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/13 22:26:52 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/13 22:26:51 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 21:20:22 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 21:20:04 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/13 21:20:04 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/13 21:20:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/13 21:20:03 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 21:20:02 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 21:19:51 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 21:19:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 21:19:50 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 21:19:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/13 21:19:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 21:19:47 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/13 21:19:44 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/13 21:19:44 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/13 21:19:44 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 21:19:43 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Windows Live Writer
[2013/11/11 08:54:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/11/11 08:51:59 | 000,057,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2013/11/11 08:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/11/11 08:50:17 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013/11/11 08:50:17 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013/11/11 08:50:17 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013/11/11 08:50:17 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013/11/11 08:50:16 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013/11/11 08:50:13 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013/11/11 08:50:13 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013/11/10 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/10/30 10:03:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Documents\Bootstrap3.0.1
[2013/10/28 06:13:27 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/25 17:32:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/25 17:24:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/25 17:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/25 17:08:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001UA.job
[2013/11/25 17:04:33 | 001,057,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/25 17:04:33 | 000,858,398 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/25 17:04:33 | 000,194,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/25 17:03:17 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/25 17:03:17 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/25 17:02:50 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWizard Associates.job
[2013/11/25 17:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/25 11:04:02 | 3556,204,543 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/25 06:13:11 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/24 23:52:48 | 000,001,097 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/11/22 08:11:53 | 000,001,456 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/11/20 10:08:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001Core.job
[2013/11/20 07:25:39 | 000,002,046 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/20 00:09:50 | 000,002,426 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\Google Chrome.lnk
[2013/11/10 09:14:54 | 000,001,091 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\KeePass 2.lnk
[2013/11/10 09:14:53 | 000,001,067 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\KeePass 2.lnk
[2013/11/04 19:21:22 | 000,143,217 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
[2013/10/31 13:13:42 | 011,339,349 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\FiveSEOStrategiesthatEveryCompanyNeedstoMaster.pdf
[2013/10/29 08:06:58 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/10/29 08:01:52 | 000,002,208 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Studio 16.lnk
[2013/10/27 17:34:11 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Formoid.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/11 08:54:25 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/11/11 08:54:03 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/11/04 19:21:43 | 000,143,217 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
[2013/10/31 13:13:41 | 011,339,349 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\FiveSEOStrategiesthatEveryCompanyNeedstoMaster.pdf
[2013/10/29 08:01:52 | 000,002,208 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 16.lnk
[2013/06/28 07:04:02 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2013/06/28 07:04:02 | 000,245,840 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2013/06/19 15:56:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/06/19 08:27:55 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/05/22 10:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/04/29 21:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/29 21:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/20 19:11:31 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/02/20 12:17:09 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/12 07:47:26 | 000,033,134 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\UserTile.png
[2013/02/09 20:02:21 | 000,000,027 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_data
[2013/02/09 20:01:35 | 000,000,000 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_stat_data
[2012/06/26 06:10:06 | 003,668,480 | ---- | C] () -- C:\Windows\SysWow64\CosmoRenderer.dll
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/08 14:09:35 | 000,013,055 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2012/04/07 14:47:25 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/08 14:46:09 | 000,000,017 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\mpdt294
[2012/03/08 14:46:00 | 000,000,213 | ---- | C] () -- C:\Windows\mapedit2.ini
[2012/02/27 17:53:16 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/01/25 11:39:29 | 000,007,602 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Resmon.ResmonCfg
[2011/07/03 07:21:12 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/04/22 10:37:09 | 000,009,728 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 15:56:06 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/14 15:49:24 | 000,013,060 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/12/11 18:52:29 | 000,038,529 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/10/27 11:55:37 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/20 10:48:33 | 000,000,358 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:0574215C
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:8E55808C
@Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:D95ACC7D
@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:527B6DAD

< End of report >

Edited by sallyw, 25 November 2013 - 05:04 PM.

#2
sallyw

    Member

  • Topic Starter
  • 58 posts
I previously opened this topic, which has been viewed but has no replies: http://www.geekstogo...__fromsearch__1

After a power failure, Win 7 Ultimate failed to load Windows. Login seemed to be okay then blank screen. Tried several more times before finally loading Windows only to see message that it was not genuine Windows.

Tried to repair Norton which would not run - bad idea as it was removed and will not re-install. Malwarebytes shows nothing on full scan which took about 1 hour to scan 500 GB.

Ran OTL (results in original post).

Also ran FRST and discovered hidden partition with system and boot.

thx

#3
Machiavelli

    GeekU Moderator

  • 4,722 posts
Welcome to GeeksToGo, sallyw

My name is Machiavelli and I'll try to fix your PC problems. If you are in Safe Mode then print my instructions! Removing malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

Is there any reason why you have created a new thread?

"Tried several more times before finally loading Windows only to see message that it was not genuine Windows."

Does that mean you are now able to work in Normal Mode? If not, proceed with this:

Boot Into Safe Mode

  • Start your computer
  • When your computer has turned on and is just starting to boot again (on the BIOS screen that usually has the manufacturer's logo on it) press F8
  • Using the arrow keys, select Safe Mode with Network and press enter

Is that working?

#4
sallyw

    Member

  • Topic Starter
  • 58 posts
Thank you, Machiavelli, for responding.

I started a new thread; a couple of days went by and no replies.

I can start in normal mode BUT there is a message in the corner that says
windows 7
build 7601
this copy of windows is not genuine

Windows 7 ultimate. 64. has been genuine for 3 years.

Thx. I've been through the process with other people's computers. Just not mine. I know to follow the instructions and not try to follow someone else's instructions.

sallyw

#5
Machiavelli

    GeekU Moderator

  • 4,722 posts
OK, I'll come back with an answer tomorrow - in Germany it is very late and I'll go to bed now. Good Night! :popcorn:

#6
sallyw

    Member

  • Topic Starter
  • 58 posts
Okay. Thank you. Thursday is a holiday here in the US. I am on the East Coast and will check in in the early morning.
sallyw

#7
Machiavelli

    GeekU Moderator

  • 4,722 posts
Where did you get the information about the hidden partition?

Farbar Recovery Scan Tool (FRST)

  • Run FRST as Administrator.
  • Check the checkbox called Addition.txt
  • Click Scan to start FRST.
  • When FRST finishes scanning, logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of these logs into your next post please.

#8
sallyw

    Member

  • Topic Starter
  • 58 posts
Apology for delay in responding. I was away all day.
I ran FRST64 and have copied results here (FRST then Addition).

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by Wizard Associates (administrator) on WIZARD on 28-11-2013 22:13:30
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.WIZARDASSOCIATES\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Akamai Technologies, Inc.) C:\Users\Wizard Associates\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Anagram Technologies) C:\Program Files (x86)\Anagram Technologies\Copy2Contact\Copy2Contact.exe
(Akamai Technologies, Inc.) C:\Users\Wizard Associates\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Synology Inc.) C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Users\Wizard Associates\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Wizard Associates\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-19] (Hewlett-Packard)
HKCU\...\Run: [Google Update] - C:\Users\Wizard Associates\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-20] (Google Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Wizard Associates\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKCU\...\Runonce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"
MountPoints2: {355106b4-3a4e-11e1-b080-d4856417b6a6} - J:\ToolLauncher-Bootstrap.exe
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\Administrator\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-20] (Google Inc.)
HKU\Classic .NET AppPool\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\DefaultAppPool\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bostonglobe.com/
http://www.huffingtonpost.com/
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {BE7B70DA-4F70-4D85-9496-6FD11566AF0D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {BE7B70DA-4F70-4D85-9496-6FD11566AF0D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKCU - {46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {BE7B70DA-4F70-4D85-9496-6FD11566AF0D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA} URL = http://search.yahoo....psg&type=HPDTDF
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Do Not Track Me - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll (Abine Inc)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0\bin\ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AddThis Toolbar BHO - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll ()
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.5.0\bin\jp2ssv.dll No File
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll ()
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab
DPF: HKLM-x32 {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://networkforgo...nt/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default
FF user.js: detected! => C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\user.js
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.3 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.3 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\searchplugins\blekko.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: DoNotTrackMe - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\[email protected]
FF Extension: Firefogg - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\staged
FF Extension: SeoQuake - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF Extension: Yahoo! Toolbar - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Toggle Web Developer Toolbar - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\{c75a27d8-4529-449f-b67b-aba65d7a1c0a}
FF Extension: firebug - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\[email protected]
FF Extension: nuance - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\nuance@pdf7
FF Extension: seodoctor - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\[email protected]
FF Extension: testpilot - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\[email protected]
FF Extension: toolbar - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\[email protected]
FF Extension: verticaltoolbar - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\[email protected]
FF Extension: prefs - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}.xpi
FF Extension: defaults - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com/finance
CHR RestoreOnStartup: "hxxp://www.google.com/finance"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Online Storage plug-in) - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\plugins\npoff.dll No File
CHR Plugin: (Workspace Webmail plug-in 1.0.20.42) - C:\Users\Wizard Associates\AppData\Roaming\Mozilla\plugins\npwbe.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (eMusic Remote Plugin) - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (WPI Detector 1.3) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
CHR Plugin: (Unity Player) - C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Bejeweled) - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: () - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.2.9.813_0
CHR Extension: (Google Drive) - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0
CHR Extension: (Google Science Fair 2012) - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjibekncdookhijmkplhapjcfnglelcn\2.0_0
CHR Extension: () - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0
CHR Extension: (Evernote Web Clipper) - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0
CHR Extension: (Gmail) - C:\Users\WIZARD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S3 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [63304 2011-02-04] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 MSSQL$WIZARDASSOCIATES; c:\Program Files\Microsoft SQL Server\MSSQL10_50.WIZARDASSOCIATES\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-25] (Trusteer Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S4 SQLAgent$WIZARDASSOCIATES; c:\Program Files\Microsoft SQL Server\MSSQL10_50.WIZARDASSOCIATES\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation)
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [378368 2013-01-16] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2012-09-17] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-28] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-25] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-25] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-25] (Trusteer Ltd.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 03:02 - 2013-11-26 03:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 03:02 - 2013-11-26 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 03:02 - 2013-11-26 03:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 03:02 - 2013-11-26 03:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 03:02 - 2013-11-26 03:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 03:02 - 2013-11-26 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 03:02 - 2013-11-26 03:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 03:02 - 2013-11-26 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 03:02 - 2013-11-26 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 03:02 - 2013-11-26 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 03:02 - 2013-11-26 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 03:01 - 2013-11-26 03:05 - 00007379 _____ C:\Windows\IE11_main.log
2013-11-25 21:18 - 2013-11-25 21:18 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2013-11-25 21:17 - 2013-11-26 02:23 - 00000000 ____D C:\VIPRERESCUE
2013-11-25 21:17 - 2012-05-25 12:14 - 00057976 _____ (GFI Software) C:\Windows\system32\Drivers\SBREDrv.sys
2013-11-25 21:17 - 2012-05-25 12:14 - 00045936 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-11-25 19:54 - 2013-11-25 19:54 - 00004418 _____ C:\Users\Wizard Associates\Desktop\Rkill.txt
2013-11-25 11:26 - 2013-11-25 11:26 - 00004968 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_11252013_112620.txt
2013-11-25 11:20 - 2013-11-25 11:20 - 00003763 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_11252013_112057.txt
2013-11-25 11:19 - 2013-11-25 11:19 - 00001683 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_11252013_111920.txt
2013-11-25 11:18 - 2013-11-25 11:18 - 00003434 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_11252013_111846.txt
2013-11-25 11:15 - 2013-11-25 11:15 - 00003378 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_11252013_111522.txt
2013-11-25 11:08 - 2013-11-25 11:24 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-11-25 09:53 - 2013-11-25 09:53 - 00000000 ____D C:\FRST
2013-11-25 06:10 - 2013-11-25 06:10 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Zemana
2013-11-25 00:21 - 2013-11-25 00:21 - 00000000 ____D C:\MGADiagToolOutput
2013-11-25 00:20 - 2013-11-25 00:20 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2013-11-25 00:17 - 2013-11-25 00:17 - 02031992 _____ (Microsoft Corporation) C:\Users\Wizard Associates\Downloads\MGADiag.exe
2013-11-24 23:59 - 2013-11-24 23:59 - 00350432 _____ (Microsoft Corporation) C:\Users\Wizard Associates\Downloads\ASH.0B176D6B6B344C6571526F41566750.Run.exe
2013-11-24 23:09 - 2013-11-25 06:11 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\ID Vault
2013-11-24 23:09 - 2013-11-24 23:09 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\White_Sky,_Inc
2013-11-24 23:09 - 2013-11-24 23:09 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-11-24 23:08 - 2013-11-25 06:11 - 00000000 ____D C:\Users\Wizard Associates\AppData\Roaming\ID Vault
2013-11-24 23:07 - 2013-11-25 06:11 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-11-24 23:07 - 2013-11-24 23:07 - 00000000 ____D C:\ProgramData\White Sky, Inc
2013-11-24 22:54 - 2013-11-24 22:54 - 22623440 _____ (White Sky, Inc.) C:\Users\Wizard Associates\Downloads\constantguard.exe
2013-11-24 22:32 - 2013-11-24 22:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-24 13:37 - 2013-11-24 13:39 - 00000000 ____D C:\Users\Wizard Associates\Desktop\coupons
2013-11-21 12:26 - 2013-11-21 12:27 - 00000000 ____D C:\Users\Wizard Associates\Downloads\ePub
2013-11-20 07:23 - 2013-11-20 07:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 21:20 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 21:20 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 21:20 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 21:20 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 21:20 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 21:20 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 21:20 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 21:20 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 21:20 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 21:19 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 21:19 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 21:19 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 21:19 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 21:19 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 21:19 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 21:19 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 21:19 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 21:19 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 21:19 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 21:19 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 21:19 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 21:19 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 21:19 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 21:19 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 21:19 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 21:19 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 21:19 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 21:19 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 21:19 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 21:19 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-11 13:20 - 2013-11-11 13:20 - 01594039 _____ C:\Users\Wizard Associates\Downloads\basic.ics
2013-11-11 09:13 - 2013-11-12 07:07 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Windows Live Writer
2013-11-11 09:13 - 2013-11-11 09:39 - 00000000 ____D C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
2013-11-11 08:54 - 2013-11-11 08:54 - 00000000 ____D C:\Windows\en
2013-11-11 08:51 - 2013-11-11 08:51 - 00000000 ____D C:\Program Files\Windows Live
2013-11-11 08:51 - 2013-02-05 22:06 - 00057840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2013-11-11 08:50 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-11 08:50 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-11 08:50 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-11 08:50 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-11 08:50 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-11 08:50 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-11 08:50 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-11 08:39 - 2013-11-11 08:39 - 01239536 _____ (Microsoft Corporation) C:\Users\Wizard Associates\Downloads\wlsetup-web.exe
2013-11-10 09:13 - 2013-11-10 09:13 - 02520814 _____ (Dominik Reichl ) C:\Users\Wizard Associates\Downloads\KeePass-2.24-Setup.exe
2013-11-04 19:21 - 2013-11-04 19:21 - 00143217 _____ C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
2013-11-04 18:42 - 2013-11-04 18:42 - 00003162 _____ C:\Users\Wizard Associates\Downloads\dwsn.ssg
2013-10-30 10:03 - 2013-11-04 19:27 - 00000000 ____D C:\Users\Wizard Associates\Documents\Bootstrap3.0.1
2013-10-29 08:01 - 2013-10-29 08:01 - 00002208 _____ C:\Users\Public\Desktop\Pinnacle Studio 16.lnk

==================== One Month Modified Files and Folders =======

2013-11-28 22:14 - 2010-10-25 06:18 - 00000000 ____D C:\Users\Wizard Associates\Documents\Outlook Files
2013-11-28 22:14 - 2010-10-20 10:05 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001UA.job
2013-11-28 22:13 - 2013-09-20 21:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-28 22:13 - 2013-09-18 19:08 - 00000380 _____ C:\Windows\Tasks\HPCeeScheduleForWizard Associates.job
2013-11-28 22:13 - 2010-10-20 15:05 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-28 22:13 - 2010-10-20 15:05 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-28 22:13 - 2010-10-20 10:05 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001Core.job
2013-11-28 22:12 - 2013-08-04 11:42 - 00005014 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Wizard-Wizard Associates Wizard
2013-11-28 22:12 - 2010-08-26 03:06 - 01781167 _____ C:\Windows\WindowsUpdate.log
2013-11-28 07:04 - 2009-07-13 23:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-28 07:04 - 2009-07-13 23:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-26 09:03 - 2010-10-19 16:01 - 00000000 ____D C:\Users\Wizard Associates\Documents\awic
2013-11-26 08:56 - 2012-12-06 18:51 - 00000000 ___RD C:\Users\Wizard Associates\Google Drive
2013-11-26 08:56 - 2012-08-14 16:16 - 00000000 ____D C:\Users\Wizard Associates\AppData\Roaming\Dropbox
2013-11-26 08:55 - 2010-10-19 10:49 - 00001415 _____ C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-26 04:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-26 03:22 - 2013-10-23 11:57 - 00000840 _____ C:\Windows\setupact.log
2013-11-26 03:22 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 03:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-26 03:05 - 2013-11-26 03:01 - 00007379 _____ C:\Windows\IE11_main.log
2013-11-26 03:02 - 2013-11-26 03:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 03:02 - 2013-11-26 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 03:02 - 2013-11-26 03:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 03:02 - 2013-11-26 03:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 03:02 - 2013-11-26 03:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-26 03:02 - 2013-11-26 03:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-26 03:02 - 2013-11-26 03:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-26 03:02 - 2013-11-26 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-26 03:02 - 2013-11-26 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-26 03:02 - 2013-11-26 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-26 03:02 - 2013-11-26 03:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-26 03:02 - 2013-11-26 03:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-26 03:02 - 2013-11-26 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 02:23 - 2013-11-25 21:17 - 00000000 ____D C:\VIPRERESCUE
2013-11-25 21:18 - 2013-11-25 21:18 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2013-11-25 21:13 - 2010-12-20 06:04 - 00002324 _____ C:\Windows\epplauncher.mif
2013-11-25 19:54 - 2013-11-25 19:54 - 00004418 _____ C:\Users\Wizard Associates\Desktop\Rkill.txt
2013-11-25 19:54 - 2009-07-14 00:13 - 01057920 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-25 18:07 - 2012-07-19 17:07 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-25 17:32 - 2012-08-14 16:19 - 00000000 ___RD C:\Users\Wizard Associates\Dropbox
2013-11-25 17:31 - 2013-09-23 13:22 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2013-11-25 14:02 - 2010-10-19 13:11 - 00000000 ____D C:\ProgramData\Recovery
2013-11-25 11:26 - 2013-11-25 11:26 - 00004968 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_11252013_112620.txt
2013-11-25 11:24 - 2013-11-25 11:08 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
2013-11-25 11:20 - 2013-11-25 11:20 - 00003763 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_11252013_112057.txt
2013-11-25 11:19 - 2013-11-25 11:19 - 00001683 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_11252013_111920.txt
2013-11-25 11:18 - 2013-11-25 11:18 - 00003434 _____ C:\Users\Administrator\Desktop\RKreport[0]_D_11252013_111846.txt
2013-11-25 11:15 - 2013-11-25 11:15 - 00003378 _____ C:\Users\Administrator\Desktop\RKreport[0]_S_11252013_111522.txt
2013-11-25 11:04 - 2010-08-26 05:01 - 01210820 _____ C:\Windows\PFRO.log
2013-11-25 09:53 - 2013-11-25 09:53 - 00000000 ____D C:\FRST
2013-11-25 06:12 - 2010-10-19 14:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-25 06:11 - 2013-11-24 23:09 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\ID Vault
2013-11-25 06:11 - 2013-11-24 23:08 - 00000000 ____D C:\Users\Wizard Associates\AppData\Roaming\ID Vault
2013-11-25 06:11 - 2013-11-24 23:07 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-11-25 06:10 - 2013-11-25 06:10 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Zemana
2013-11-25 05:22 - 2010-11-09 17:12 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{98EEFE26-5E14-43A8-936E-01F752EFD757}
2013-11-25 00:21 - 2013-11-25 00:21 - 00000000 ____D C:\MGADiagToolOutput
2013-11-25 00:20 - 2013-11-25 00:20 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2013-11-25 00:18 - 2013-01-11 08:27 - 00000000 ____D C:\Users\Wizard Associates\AppData\Roaming\KeePass
2013-11-25 00:17 - 2013-11-25 00:17 - 02031992 _____ (Microsoft Corporation) C:\Users\Wizard Associates\Downloads\MGADiag.exe
2013-11-24 23:59 - 2013-11-24 23:59 - 00350432 _____ (Microsoft Corporation) C:\Users\Wizard Associates\Downloads\ASH.0B176D6B6B344C6571526F41566750.Run.exe
2013-11-24 23:09 - 2013-11-24 23:09 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\White_Sky,_Inc
2013-11-24 23:09 - 2013-11-24 23:09 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-11-24 23:07 - 2013-11-24 23:07 - 00000000 ____D C:\ProgramData\White Sky, Inc
2013-11-24 23:00 - 2010-08-26 03:38 - 00000000 ____D C:\ProgramData\Norton
2013-11-24 22:54 - 2013-11-24 22:54 - 22623440 _____ (White Sky, Inc.) C:\Users\Wizard Associates\Downloads\constantguard.exe
2013-11-24 22:43 - 2012-08-13 15:27 - 00002194 _____ C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-11-24 22:37 - 2010-10-19 14:35 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Adobe
2013-11-24 22:33 - 2013-11-24 22:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-24 22:18 - 2013-07-25 09:03 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\DoNotTrackPlus
2013-11-24 22:14 - 2010-10-19 10:41 - 00000000 ____D C:\Users\Wizard Associates
2013-11-24 21:44 - 2013-10-18 15:40 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-24 21:44 - 2013-10-18 15:40 - 00000000 ____D C:\Program Files\iTunes
2013-11-24 21:44 - 2013-10-18 15:40 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-24 21:44 - 2012-04-25 05:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-24 21:44 - 2011-11-09 19:45 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Akamai
2013-11-24 21:44 - 2011-07-29 17:58 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-24 21:44 - 2011-05-30 04:26 - 00000000 ____D C:\Users\Administrator
2013-11-24 21:44 - 2010-10-25 06:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-24 21:44 - 2010-10-22 12:53 - 00000000 ____D C:\Users\Classic .NET AppPool
2013-11-24 21:44 - 2010-10-19 10:49 - 00000000 ___RD C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 21:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-24 21:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-11-24 21:39 - 2013-10-18 15:40 - 00000000 ____D C:\Program Files\iPod
2013-11-24 21:39 - 2010-10-19 14:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-24 21:39 - 2010-10-19 14:48 - 00000000 ____D C:\Program Files\Adobe
2013-11-24 19:57 - 2013-09-11 08:52 - 00223744 ___SH C:\Users\Wizard Associates\Desktop\Thumbs.db
2013-11-24 13:40 - 2010-10-21 13:13 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\CrashDumps
2013-11-24 13:39 - 2013-11-24 13:37 - 00000000 ____D C:\Users\Wizard Associates\Desktop\coupons
2013-11-22 11:51 - 2011-05-30 04:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-11-22 08:11 - 2013-02-20 12:17 - 00001456 _____ C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-11-21 12:27 - 2013-11-21 12:26 - 00000000 ____D C:\Users\Wizard Associates\Downloads\ePub
2013-11-21 05:53 - 2013-09-25 13:39 - 00000000 ____D C:\Users\Wizard Associates\Documents\Lexington COA Friends
2013-11-20 20:18 - 2011-11-03 04:43 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-20 20:18 - 2010-10-20 11:27 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-20 20:15 - 2010-10-20 11:27 - 00000000 ____D C:\Users\Wizard Associates\AppData\Roaming\HP Support Assistant
2013-11-20 20:15 - 2010-10-20 11:26 - 00000000 ____D C:\Users\Wizard Associates\AppData\Roaming\HpUpdate
2013-11-20 07:23 - 2013-11-20 07:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-20 00:09 - 2010-10-20 10:05 - 00002426 _____ C:\Users\Wizard Associates\Desktop\Google Chrome.lnk
2013-11-19 19:59 - 2013-10-11 16:52 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-19 19:28 - 2012-03-30 04:08 - 00000000 ____D C:\Users\Wizard Associates\Documents\a whole bunch market
2013-11-13 22:08 - 2013-08-15 12:01 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 21:59 - 2010-10-21 16:10 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 20:33 - 2010-10-20 07:48 - 00000000 ____D C:\Users\Wizard Associates\Documents\Town of Burlington
2013-11-13 20:06 - 2013-09-18 19:08 - 00003258 _____ C:\Windows\System32\Tasks\HPCeeScheduleForWizard Associates
2013-11-12 21:54 - 2010-10-20 05:03 - 00000000 ____D C:\Users\Wizard Associates\Documents\SXW
2013-11-12 21:48 - 2010-10-19 21:23 - 00000000 ____D C:\Users\Wizard Associates\Documents\Household
2013-11-12 07:07 - 2013-11-11 09:13 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Windows Live Writer
2013-11-11 13:20 - 2013-11-11 13:20 - 01594039 _____ C:\Users\Wizard Associates\Downloads\basic.ics
2013-11-11 09:39 - 2013-11-11 09:13 - 00000000 ____D C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
2013-11-11 09:12 - 2010-12-16 05:11 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Windows Live
2013-11-11 08:54 - 2013-11-11 08:54 - 00000000 ____D C:\Windows\en
2013-11-11 08:52 - 2010-08-26 03:33 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-11-11 08:51 - 2013-11-11 08:51 - 00000000 ____D C:\Program Files\Windows Live
2013-11-11 08:50 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-11 08:47 - 2010-10-19 10:44 - 00042681 _____ C:\Windows\DirectX.log
2013-11-11 08:39 - 2013-11-11 08:39 - 01239536 _____ (Microsoft Corporation) C:\Users\Wizard Associates\Downloads\wlsetup-web.exe
2013-11-10 09:14 - 2013-01-11 06:14 - 00001067 _____ C:\Users\Wizard Associates\Desktop\KeePass 2.lnk
2013-11-10 09:14 - 2013-01-11 06:14 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-11-10 09:13 - 2013-11-10 09:13 - 02520814 _____ (Dominik Reichl ) C:\Users\Wizard Associates\Downloads\KeePass-2.24-Setup.exe
2013-11-08 19:26 - 2013-01-05 20:57 - 00000000 ____D C:\Users\Wizard Associates\Documents\Boston Bracelets
2013-11-08 19:22 - 2010-10-19 17:46 - 00000000 ____D C:\Users\Wizard Associates\Documents\fotolia
2013-11-06 21:48 - 2012-08-13 15:27 - 00000000 ___RD C:\Users\Wizard Associates\SkyDrive
2013-11-06 19:53 - 2010-10-20 07:21 - 00000000 ____D C:\Users\Wizard Associates\Documents\Playrific
2013-11-05 09:39 - 2013-03-04 09:50 - 00000000 ____D C:\Users\Wizard Associates\Documents\PaulRevere Inspectors
2013-11-04 21:03 - 2013-05-10 11:18 - 00000000 ____D C:\Users\Wizard Associates\Documents\South Shore
2013-11-04 21:03 - 2010-10-19 17:46 - 00000000 ____D C:\Users\Wizard Associates\Documents\Agility Volunteers
2013-11-04 19:27 - 2013-10-30 10:03 - 00000000 ____D C:\Users\Wizard Associates\Documents\Bootstrap3.0.1
2013-11-04 19:21 - 2013-11-04 19:21 - 00143217 _____ C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
2013-11-04 19:10 - 2010-10-19 21:20 - 00000000 ____D C:\Users\Wizard Associates\Documents\Gordon Eye
2013-11-04 18:42 - 2013-11-04 18:42 - 00003162 _____ C:\Users\Wizard Associates\Downloads\dwsn.ssg
2013-10-31 12:48 - 2010-10-20 14:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-30 12:45 - 2010-10-20 14:14 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Thunderbird
2013-10-29 08:07 - 2013-09-22 17:24 - 00000780 _____ C:\Users\Wizard Associates\AppData\Roaming\__AvidCloudManager.log
2013-10-29 08:07 - 2011-04-22 10:00 - 00011003 _____ C:\Users\Wizard Associates\AppData\Roaming\WIZARD.MTBF.txt
2013-10-29 08:07 - 2011-04-22 10:00 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Avid
2013-10-29 08:06 - 2011-01-05 11:07 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-10-29 08:01 - 2013-10-29 08:01 - 00002208 _____ C:\Users\Public\Desktop\Pinnacle Studio 16.lnk
2013-10-29 07:52 - 2011-02-17 06:59 - 00000000 ____D C:\Users\Wizard Associates\AppData\Local\Pinnacle
2013-10-29 07:36 - 2013-09-22 08:23 - 00000000 ____D C:\Users\Wizard Associates\Downloads\PinnacleStudio
2013-10-29 06:42 - 2013-09-22 17:24 - 00000990 _____ C:\Users\Wizard Associates\AppData\Roaming\__AvidCloudManagerPrevious.log

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Wizard Associates\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Wizard Associates\AppData\Local\Temp\_is8EE7.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-20 00:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2013
Ran by Wizard Associates at 2013-11-28 22:15:32
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2600 (x32 Version: 130.0.365.000)
2600_Help (x32 Version: 82.0.242.000)
2600Trb (x32 Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
AddThis Toolbar (x32 Version: 1.514)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (Version: 9.0.0)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Media Player (x32 Version: 1.8)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000)
AIO_CDB_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.421.000)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Alexa Toolbar (x32)
Amazon Kindle (HKCU)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
AMD Accelerated Video Transcoding (Version: 12.5.100.30429)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0429.2313.39747)
AMD Media Foundation Decoders (Version: 1.0.80430.0002)
AMD VISION Engine Control Center (x32 Version: 2013.0429.2313.39747)
AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Problem Report Wizard (Version: 3.0.804.0)
Audacity 2.0.2 (x32 Version: 2.0.2)
Avid Studio (x32 Version: 1.1.0.2887)
Avid Studio Bonus Content (x32 Version: 1.0.0.325)
Avid Studio Plugins (x32 Version: 1.0.0.2804)
Avid Studio Registration Freebie - Adorage Vol. 11 Selection (x32 Version: 1.0.0.2804)
Belarc Advisor 8.3 (x32 Version: 8.3.2.0)
Bing Bar (x32 Version: 7.1.391.0)
bl (x32 Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 130.0.331.000)
calibre 64bit (Version: 0.9.42)
Canon XF MPEG2 Decoder (x32 Version: 1.0.0.8)
Canon XF Utility (x32 Version: 1.1.0.22)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0429.2313.39747)
Catalyst Control Center Localization All (x32 Version: 2013.0429.2313.39747)
CCC Help Chinese Standard (x32 Version: 2013.0429.2312.39747)
CCC Help Chinese Traditional (x32 Version: 2013.0429.2312.39747)
CCC Help Czech (x32 Version: 2013.0429.2312.39747)
CCC Help Danish (x32 Version: 2013.0429.2312.39747)
CCC Help Dutch (x32 Version: 2013.0429.2312.39747)
CCC Help English (x32 Version: 2013.0429.2312.39747)
CCC Help Finnish (x32 Version: 2013.0429.2312.39747)
CCC Help French (x32 Version: 2013.0429.2312.39747)
CCC Help German (x32 Version: 2013.0429.2312.39747)
CCC Help Greek (x32 Version: 2013.0429.2312.39747)
CCC Help Hungarian (x32 Version: 2013.0429.2312.39747)
CCC Help Italian (x32 Version: 2013.0429.2312.39747)
CCC Help Japanese (x32 Version: 2013.0429.2312.39747)
CCC Help Korean (x32 Version: 2013.0429.2312.39747)
CCC Help Norwegian (x32 Version: 2013.0429.2312.39747)
CCC Help Polish (x32 Version: 2013.0429.2312.39747)
CCC Help Portuguese (x32 Version: 2013.0429.2312.39747)
CCC Help Russian (x32 Version: 2013.0429.2312.39747)
CCC Help Spanish (x32 Version: 2013.0429.2312.39747)
CCC Help Swedish (x32 Version: 2013.0429.2312.39747)
CCC Help Thai (x32 Version: 2013.0429.2312.39747)
CCC Help Turkish (x32 Version: 2013.0429.2312.39747)
ccc-utility64 (Version: 2013.0429.2313.39747)
chudleighcountry_3267560 Screen Saver (x32)
CinemaNow Media Manager (x32 Version: 1.9.1.105)
Cisco WebEx Meetings (x32)
Copy (x32 Version: 130.0.428.000)
Copy2Contact (x32 Version: 3.0.2)
Coupon Printer for Windows (x32 Version: 5.0.0.2)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
CSS3 Menu (x32)
cu3ox (x32)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2823)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 130.0.465.000)
Do Not Track Me Add-on 2.2.9.515 (x32 Version: 2.2.9.515)
DocProc (x32 Version: 13.0.0.0)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2500.0)
Dropbox (HKCU Version: 2.0.22)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030)
Easy HTML5 Video (x32)
eFax Messenger (x32 Version: 4.4.1.528)
Evernote v. 5.0.3 (x32 Version: 5.0.3.1614)
Fax (x32 Version: 130.0.418.000)
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000)
Formoid (x32)
GIF Movie Gear 4.2.3 (x32)
Google Calendar Sync (x32)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880)
GPBaseService2 (x32 Version: 130.0.371.000)
GSiteCrawler (x32 Version: v1.23)
HandBrake 0.9.6 (x32 Version: 0.9.6)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HFX Volume 1 (x32 Version: 12.01.0000.05)
HFX Volume 2 (x32 Version: 12.01.0000.3)
HFX Volume 3 (x32 Version: 12.01.0000.05)
HitmanPro 3.7 (Version: 3.7.3.193)
Hollywood FX Volumes 1-3 (x32 Version: 2.0.0)
HP Advisor (x32 Version: 3.4.12850.3526)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0)
HP MediaSmart DVD (x32 Version: 4.1.4229)
HP MediaSmart Music (x32 Version: 4.1.4301)
HP MediaSmart Photo (x32 Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (x32 Version: 4.1.4214)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.3.0)
HP Odometer (x32 Version: 2.10.0000)
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.50.231.0)
HP Officejet 6500 E710n-z Help (x32 Version: 140.0.2.2)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Product Detection (x32 Version: 10.7.9.0)
HP Setup (x32 Version: 8.1.4186.3400)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version: 5.002.006.003)
HP Vision Hardware Diagnostics (Version: 2.1.2.27173)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
HTML Flip Book Generator (HKCU Version: 1.0.0.10)
Hulu Desktop (HKCU Version: 0.9.13)
HydraVision (x32 Version: 4.2.234.0)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
IIS 7.5 Express (x32 Version: 7.5.1046)
IIS Search Engine Optimization Toolkit 1.0 (Version: 1.0.0731)
IrfanView (remove only) (x32)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101)
iTunes (Version: 11.1.1.11)
J2SE Runtime Environment 5.0 (x32 Version: 1.5.0)
Java™ SE Development Kit 6 Update 23 (64-bit) (Version: 1.6.0.230)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
KeePass Password Safe 2.24 (x32 Version: 2.24)
Knoll Light Factory EZ Studio (x32)
LabelPrint (x32 Version: 2.5.2823)
LameACM (x32)
LightScribe Applications (x32 Version: 1.18.15.1)
LightScribe System Software (x32 Version: 1.18.24.1)
LightScribe Template Labeler (x32 Version: 1.18.24.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (x32 Version: 1.70.0.1100)
Mapedit (x32)
MarketResearch (x32 Version: 130.0.374.000)
Marketsplash Shortcuts (x32 Version: 1.0.1.7)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools (x32 Version: 3.0.20105.0)
Microsoft ASP.NET MVC 3 (x32 Version: 3.0.20105.0)
Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools (x32 Version: 1.0.20105.0)
Microsoft ASP.NET Web Pages (x32 Version: 1.0.20105.0)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft Expression Blend 3 SDK (x32 Version: 1.0.1343.0)
Microsoft Expression Blend 4 (x32 Version: 4.0.20525.0)
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0)
Microsoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20525.0)
Microsoft Expression Design 4 (x32 Version: 7.0.20516.0)
Microsoft Expression Encoder 4 (x32 Version: 4.0.1639.0)
Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.1639.0)
Microsoft Expression Studio 4 (x32 Version: 4.0.20525.0)
Microsoft Expression Web 4 (x32 Version: 4.0.1303.0)
Microsoft Expression Web 4 Service Pack 2 (x32)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1005)
Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.202)
Microsoft Outlook Hotmail Connector 64-bit (Version: 14.0.6106.5001)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (Version: 14.0.5120.5000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1 (x32)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (x32 Version: 4.0.50826.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.52.4000.0)
Microsoft SQL Server 2008 R2 Policies (x32 Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.52.4000.0)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.52.4000.0)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0)
Microsoft SQL Server Browser (x32 Version: 10.52.4000.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 4.0 Web Tools ENU (x32 Version: 4.0.8482.1)
Microsoft SQL Server Compact 4.0 x64 ENU (Version: 4.0.8482.1)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1750.9)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.52.4000.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Ultimate - ENU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Ultimate - ENU (x32 Version: 10.0.40219)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.35191)
Microsoft Web Deploy 2.0 (Version: 2.0.1046)
Microsoft Web Platform Installer 3.0 (Version: 3.0.4)
Microsoft WebMatrix (x32 Version: 1.0.1046)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Miro Video Converter (x32 Version: 0.8.0)
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000)
Movie Maker (x32 Version: 16.4.3508.0205)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030)
Moyea Flash Video MX Pro Version: 5.0.16.932 (x32)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Mozilla Thunderbird 24.1.0 (x86 en-US) (x32 Version: 24.1.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
NOOK for PC (x32 Version: 2.5.6.9575)
Nuance PDF Converter Professional 7 (Version: 7.20.6175)
Nuance PDF Converter Professional 7 (x32 Version: 7.20.6175)
NuGet (x32 Version: 1.0.20105.0)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005)
Opera 12.11 (x32 Version: 12.11.1661)
OverDrive Media Console (x32 Version: 3.2.10)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
Photo Gallery (x32 Version: 16.4.3508.0205)
PhotoNow! (x32 Version: 1.1.6904)
PictureMover (x32 Version: 3.5.0.28)
Pinnacle Creative Pack Volume 1 (x32 Version: 1.20.0000.04)
Pinnacle Studio 16 - Install Manager (x32 Version: 16.0.75)
Pinnacle Studio 16 - Standard Content Pack (x32 Version: 16.0.0)
Pinnacle Studio 16 (x32 Version: 16.0.0.75)
Pinnacle Winter Pack Full (x32 Version: 1.00.0000.0023)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (x32 Version: 6.1.4022)
PowerDirector (x32 Version: 8.0.2906)
Premium Pack Volumes 1-2 (x32 Version: 2.0.0)
PressReader (x32 Version: 5.12.0927.0)
PxMergeModule (x32 Version: 1.00.0000)
Quicken 2009 (x32 Version: 18.1.4.14)
Quicken 2012 (x32 Version: 21.1.7.18)
QuickTime (x32 Version: 7.74.80.86)
Ralink RT2860 Wireless LAN Card (x32)
Rapport (Version: 3.5.1205.18)
Rapport (x32 Version: 3.5.1304.15)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
Recovery Manager (x32 Version: 5.5.2926)
Red Giant ToonIt Studio (x32)
Responsive Time Logger 4.6.0.14 [Installer version: 2.14_W_WD] (x32)
Roxio CinemaNow 2.0 (x32 Version: 1.0.284)
RTFx Volume 2 (x32 Version: 12.01.0000.03)
Safari (x32 Version: 5.34.57.2)
Scan (x32 Version: 140.0.80.000)
Scansoft PDF Professional (x32)
ScoreFitter Volume 1 (x32 Version: 1.0.1)
ScoreFitter Volume 2 (x32 Version: 1.0.1)
ScoreFitter Volumes 1-2 (x32 Version: 2.0.0)
Seagate Manager Installer (x32 Version: 2.02.0109)
Seagate DiscWizard (x32 Version: 11.0.8326)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (Version: 10.52.4000.0)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (x32 Version: 6.9.12585)
Skype™ 6.9 (x32 Version: 6.9.106)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0)
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0)
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0)
SQL Server 2008 R2 SP2 Management Studio (Version: 10.52.4000.0)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
Status (x32 Version: 130.0.469.000)
SureThing Express Labeler (x32)
svBuilder-Pro (x32 Version: 2.3.0)
SWiSH Max3 (x32 Version: 09.06.02.000)
Synology Assistant (remove only) (x32)
Synology Data Replicator 3 (x32 Version: 1.0.0.0)
TeamViewer 7 (x32 Version: 7.0.14563)
Title Extreme (x32 Version: 2.0.0)
Toolbox (x32 Version: 130.0.648.000)
Toolkit 6 (x32)
Trapcode 3DStroke Studio (x32)
Trapcode Particular Studio (x32)
Trapcode Shine Studio (x32)
TrayApp (x32 Version: 130.0.422.000)
Trusteer Endpoint Protection (x32 Version: 3.5.1304.15)
TurboTax 2010 (x32)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0214)
TurboTax 2010 wmaiper (x32 Version: 010.000.1264)
TurboTax 2010 wrapper (x32 Version: 010.000.0157)
TurboTax 2011 (x32)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0495)
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214)
TurboTax 2011 wmaiper (x32 Version: 011.000.1625)
TurboTax 2011 wrapper (x32 Version: 011.000.0121)
TurboTax 2012 (x32 Version: 2012.0)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114)
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179)
TurboTax 2012 wmaiper (x32 Version: 012.000.1335)
TurboTax 2012 wrapper (x32 Version: 012.000.0127)
TweetDeck (x32 Version: 3.0.2)
UnloadSupport (x32 Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Visual Slideshow (x32)
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)
VisualLightBox (x32)
VP6 VFW Codec (x32)
WCF RIA Services V1.0 SP1 (x32 Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Phone app for desktop (x32 Version: 1.0.1720.1)
Windows Phone Intro Video (ENU) (x32 Version: 04.07.0975.00)
WinZip 16.0 (Version: 16.0.9715)
WOW Slider (x32)
WPF Toolkit February 2010 (Version 3.5.50211.1) (x32 Version: 3.5.50211.1)
Yahoo! Install Manager (x32)
Yahoo! Toolbar (x32)
Zinio Reader 4 (x32 Version: 4.0.2811)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points =========================

14-11-2013 02:57:50 Windows Update
21-11-2013 14:03:34 Scheduled Checkpoint
25-11-2013 05:39:40 Restore Operation
25-11-2013 16:07:02 Installed Rapport
26-11-2013 08:00:13 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-02-20 08:41 - 00003960 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com

There are 61 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {053788EC-E3CB-489B-95D3-EC0BF1AEDBD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20] (Google Inc.)
Task: {35D2C6AD-A04C-4DBB-A957-B406B7E1C9C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20] (Google Inc.)
Task: {3B55E864-BA3A-49FC-B74B-CE1840FC2146} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {3F14C63D-2FB0-4889-A65F-03CCA62E4389} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4A6EAF48-234F-49BE-95C7-406575AFE39B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7E676426-54AF-4895-8B67-D66A8F64910A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8878EEDC-CE82-41D1-A693-DDA963FAD814} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {8C7C5D4C-532F-439C-BF48-48675AAA0C41} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: {8F9F2701-F842-4060-A33E-073392D13232} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8FFA1427-9AC1-4146-A183-EE03E9E591CB} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {940BE63D-7984-46A5-87E8-9D3586CCDCDD} - System32\Tasks\HPCeeScheduleForWizard Associates => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {9462BBD6-4F6D-4645-A400-22CD55AEA400} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001UA => C:\Users\Wizard Associates\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-20] (Google Inc.)
Task: {BBF4D10C-3028-407A-95F5-69F58AA89EA8} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {BEABC308-6FC2-4CBC-971A-BFB3EDB3A8B8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BF0A7363-E7A4-4E03-9C73-8C8A44392A6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Wizard-Wizard Associates Wizard => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-11-24] (Microsoft Corporation)
Task: {CC3A983F-CDD8-4670-BB06-90BC53999CCC} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {D3F0FCA1-535B-458F-BDA1-FCEA769AB048} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {D950EAD4-5974-4A58-AB31-98E6080EC968} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001Core => C:\Users\Wizard Associates\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-20] (Google Inc.)
Task: {DD074EDB-C429-451C-81B5-A0CE3EFAB7F5} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E915EBEE-7055-42AE-A366-FC67B8CA59B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {F621E469-B675-49A7-9F39-0E9829899EDB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001Core.job => C:\Users\Wizard Associates\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001UA.job => C:\Users\Wizard Associates\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForWizard Associates.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-11-24 22:37 - 2013-11-24 22:37 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-05-03 22:30 - 2013-10-28 19:57 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-12 09:01 - 2011-03-12 09:01 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-12 09:01 - 2011-03-12 09:01 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-03-13 15:48 - 2013-03-13 15:48 - 24978944 _____ () C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-26 13:50 - 2013-09-26 13:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-09-26 13:49 - 2013-09-26 13:49 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-11-26 08:56 - 2013-11-26 08:56 - 00098816 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32api.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00110080 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\PyWinTypes27.dll
2013-11-26 08:56 - 2013-11-26 08:56 - 00364544 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\pythoncom27.dll
2013-11-26 08:56 - 2013-11-26 08:56 - 00044032 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\_socket.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 01153024 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\_ssl.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00320512 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32com.shell.shell.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00711680 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\_hashlib.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 01175040 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\wx._core_.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00805888 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\wx._gdi_.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00811008 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\wx._windows_.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 01062400 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\wx._controls_.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00735232 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\wx._misc_.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00128512 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\_elementtree.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00127488 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\pyexpat.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00557056 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\pysqlite2._sqlite.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00087040 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\_ctypes.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00119808 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32file.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00108544 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32security.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00018432 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32event.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00038912 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32inet.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00122368 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\wx._wizard.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00686080 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\unicodedata.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00026624 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\_multiprocessing.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00070656 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\wx._html2.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00010240 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\select.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00025600 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32pdh.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00504832 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\windows._cacheinvalidation.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00011264 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32crypt.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00035840 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32process.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00017408 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32profile.pyd
2013-11-26 08:56 - 2013-11-26 08:56 - 00022528 _____ () C:\Users\Wizard Associates\AppData\Local\Temp\_MEI61042\win32ts.pyd
2013-11-24 22:33 - 2013-11-24 22:33 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-11-24 22:33 - 2013-11-24 22:33 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2013-11-24 22:33 - 2013-11-24 22:33 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-11-24 22:33 - 2013-11-24 22:33 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2013-11-24 22:35 - 2013-11-24 22:36 - 01027240 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0574215C
AlternateDataStreams: C:\ProgramData\Temp:527B6DAD
AlternateDataStreams: C:\ProgramData\Temp:8E55808C
AlternateDataStreams: C:\ProgramData\Temp:D95ACC7D

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42122370.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42122370.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2013 10:13:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51399849

Error: (11/28/2013 10:13:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 51399849

Error: (11/28/2013 10:13:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/28/2013 07:03:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32402547

Error: (11/28/2013 07:03:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32402547

Error: (11/28/2013 07:03:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/27/2013 04:01:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 110026257

Error: (11/27/2013 04:01:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 110026257

Error: (11/27/2013 04:01:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/25/2013 09:13:14 PM) (Source: Microsoft Security Client Setup) (User: Wizard)
Description: HRESULT:0x8004FF66
Description:Windows did not pass genuine validation. You may be a victim of software counterfeiting.. Security Essentials is available for use on genuine licensed Windows PCs. To complete installation of Security Essentials, click Go online and resolve now and get genuine Windows. After validating your system, run the Security Essentials Installation Wizard. <a id=link1>Go online and resolve now</a> Error code:0x8004FF66.


System errors:
=============
Error: (11/25/2013 09:15:49 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/25/2013 09:15:49 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/25/2013 09:15:47 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/25/2013 09:15:47 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/25/2013 09:15:45 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/25/2013 09:15:45 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/25/2013 09:15:42 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/25/2013 09:15:42 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/25/2013 09:15:40 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (11/25/2013 09:15:40 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004


Microsoft Office Sessions:
=========================
Error: (11/28/2013 10:13:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51399849

Error: (11/28/2013 10:13:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 51399849

Error: (11/28/2013 10:13:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/28/2013 07:03:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32402547

Error: (11/28/2013 07:03:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32402547

Error: (11/28/2013 07:03:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/27/2013 04:01:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 110026257

Error: (11/27/2013 04:01:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 110026257

Error: (11/27/2013 04:01:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/25/2013 09:13:14 PM) (Source: Microsoft Security Client Setup)(User: Wizard)
Description: HRESULT:0x8004FF66
Description:Windows did not pass genuine validation. You may be a victim of software counterfeiting.. Security Essentials is available for use on genuine licensed Windows PCs. To complete installation of Security Essentials, click Go online and resolve now and get genuine Windows. After validating your system, run the Security Essentials Installation Wizard. <a id=link1>Go online and resolve now</a> Error code:0x8004FF66.


CodeIntegrity Errors:
===================================
Date: 2013-02-06 20:10:28.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 19:42:04.156
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 19:21:22.354
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 19:03:28.121
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 18:01:47.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 17:54:27.627
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 10:23:24.444
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 09:30:00.368
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 09:07:53.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 08:31:18.217
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 9983.29 MB
Available physical RAM: 8591 MB
Total Pagefile: 19964.75 MB
Available Pagefile: 17019.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.33 GB) (Free:430.09 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.08 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP USB FD) (Removable) (Total:7.51 GB) (Free:4.58 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 46CB4259)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 8 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)

==================== End Of Log ============================

#9
Machiavelli

    GeekU Moderator

  • 4,722 posts
Illegal Software Warning

I noticed that you use illegal software like keygens, cracks or something like that. We don't support illegal machines and because of that we will remove all the illegal software in the Malware Removal Process. Believe me, I'll find ALL of the illegal software. If you don't like that I remove the illegal software, just tell me! The consequence will be that I won't support you anymore! If you accept this we will remove all the illegal software and I'll guarantee further support.

Additionally, I'd like to say that these files mustn't really be related to a cracked Adobe, but can be a hint. If it is illegal, please remove the illegal software ...

Illegal files/folders:

  • O1 - Hosts: 127.0.0.1 activate.adobe.com
  • O1 - Hosts: 127.0.0.1 practivate.adobe.com
  • O1 - Hosts: 127.0.0.1 ereg.adobe.com
  • O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
  • O1 - Hosts: 127.0.0.1 wip3.adobe.com
  • O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
  • O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
  • O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
  • O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
  • O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
  • O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
  • O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
  • O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
  • O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
  • O1 - Hosts: 127.0.0.1 practivate.adobe.com
  • O1 - Hosts: 127.0.0.1 ereg.adobe.com
  • O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
  • O1 - Hosts: 127.0.0.1 wip3.adobe.com
  • O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
  • O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
  • O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
  • O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
  • O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
  • O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
  • O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

Disabling Chrome Plugins

  • We need to disable some Chrome Plugins
  • Start Chrome and type this into the address bar:

chrome:plugins


  • A new tab will open with a list of your installed plugins - Please disable the plugin(s) below by clicking the word Disable.

    • CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0
  • We're done with that step! Well done!

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE:64bit: - HKLM\..\SearchScopes\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}: "URL" = http://search.yahoo....psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}: "URL" = http://search.yahoo....psg&type=HPDTDF
    IE - HKCU\..\SearchScopes\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}: "URL" = http://search.yahoo....psg&type=HPDTDF
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    [2013/11/20 07:17:29 | 000,004,183 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\searchplugins\blekko.xml
    [2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2013/06/28 07:04:01 | 002,179,072 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npdbplug.dll
    [2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/07/03 15:11:44 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    O2 - BHO: (AddThis Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: hp.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: staplesbolsteryourbottomlinegiveaway.com ([www] https in Trusted sites)
    O33 - MountPoints2\{355106b4-3a4e-11e1-b080-d4856417b6a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{355106b4-3a4e-11e1-b080-d4856417b6a6}\Shell\AutoRun\command - "" = J:\ToolLauncher-Bootstrap.exe
    [2013/06/19 08:27:55 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
    @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:0574215C
    @Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:8E55808C
    @Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:D95ACC7D
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:527B6DAD
    
    :Files
    C:\Program Files (x86)\AddThis Toolbar
    
    :Commands
    [ResetHosts]
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the content of the logfile which opens after the reboot ...

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

OTL Scan

  • Run OTL by double-clicking on it.
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Question

How is your PC running? Any issues?

#10
sallyw

Thank you. My understanding from the consultant who installed the Adobe software was that it was legal. I registered and have updated as recommended over the last 2 years. I've now uninstalled it.

Disabled the Chrome plugin and some others.

Re: OTL
A dialog pops up with: "There is no disk in the drive. Please insert a disk into the drive \device\harddisk4\DR4". My options were Cancel, Try Again, Continue. I clicked Continue a few times until it proceeded. It didn't like Cancel or Try Again either.

OTL finished and I ran the next 2 programs. All results copied here as requested.

Re-ran OTL. Discovered that the box "scan all users" was not checked. There are 2 users, including one "administrator" account that I never access - just sits there. Do I need to rerun everything? Can I just delete the account?

The Genuine Windows issue did not change.

Thanks.

Sally
All results below
________________________________________

OTL (1st time)
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE7B70DA-4F70-4D85-9496-6FD11566AF0D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F93FE3C9-C547-4DB0-B0EB-C537AFC0AEAA}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\searchplugins\blekko.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdbplug.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EBF8AAF-0A31-4786-909A-97A0EF101743}\ deleted successfully.
C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B43176CC-4D9E-493B-A636-D9CBFE39C6DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}\ deleted successfully.
File C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B43176CC-4D9E-493B-A636-D9CBFE39C6DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}\ not found.
File C:\Program Files (x86)\AddThis Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AMD AVT deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hp.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\staplesbolsteryourbottomlinegiveaway.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{355106b4-3a4e-11e1-b080-d4856417b6a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{355106b4-3a4e-11e1-b080-d4856417b6a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{355106b4-3a4e-11e1-b080-d4856417b6a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{355106b4-3a4e-11e1-b080-d4856417b6a6}\ not found.
File J:\ToolLauncher-Bootstrap.exe not found.
C:\ProgramData\uninstaller.exe moved successfully.
ADS C:\ProgramData\Temp:0574215C deleted successfully.
ADS C:\ProgramData\Temp:8E55808C deleted successfully.
ADS C:\ProgramData\Temp:D95ACC7D deleted successfully.
ADS C:\ProgramData\Temp:527B6DAD deleted successfully.
========== FILES ==========
C:\Program Files (x86)\AddThis Toolbar\skins\radio\gray03 folder moved successfully.
C:\Program Files (x86)\AddThis Toolbar\skins\radio folder moved successfully.
C:\Program Files (x86)\AddThis Toolbar\skins folder moved successfully.
C:\Program Files (x86)\AddThis Toolbar\override folder moved successfully.
C:\Program Files (x86)\AddThis Toolbar\images\weather\png folder moved successfully.
C:\Program Files (x86)\AddThis Toolbar\images\weather folder moved successfully.
C:\Program Files (x86)\AddThis Toolbar\images\ticker folder moved successfully.
C:\Program Files (x86)\AddThis Toolbar\images\msgbox folder moved successfully.
C:\Program Files (x86)\AddThis Toolbar\images folder moved successfully.
C:\Program Files (x86)\AddThis Toolbar folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1347800 bytes
->Temporary Internet Files folder emptied: 530 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57200 bytes

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Public

User: Wizard Associates
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 384668938 bytes
->Java cache emptied: 9661972 bytes
->FireFox cache emptied: 343354597 bytes
->Google Chrome cache emptied: 6727990 bytes
->Apple Safari cache emptied: 47869952 bytes
->Opera cache emptied: 1449142 bytes
->Flash cache emptied: 235022 bytes

User: wizardnetbook

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123357770 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67825 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 734 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 876.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11292013_095213

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
C:\Users\Wizard Associates\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(20131129092523B60).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20131129092523B60).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20131129092529B60).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
______________________

ADWCLEANER

# AdwCleaner v3.013 - Report created 29/11/2013 at 10:16:33
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Wizard Associates - WIZARD
# Running from : C:\Users\Wizard Associates\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Alexa Toolbar
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\Extensions\[email protected]
File Deleted : C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.FCTB000061107Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.FCTB000061107Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.JSOptionsImpl.1
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\Software\Alexa Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\prefs.js ]

Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935&tt=100512_1_");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "722af3080000000000001c659d247faf");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "722af3080000000000001c659d247faf");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15478");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:08:10");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\n <replacements>\n <replacement>\n <key><![CDATA[__REGION__PLACEHOLDER__]]></key>\n <v[...]

-\\ Google Chrome v

[ File : C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13821 octets] - [29/11/2013 10:12:12]
AdwCleaner[S0].txt - [13679 octets] - [29/11/2013 10:16:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13740 octets] ##########
_____________________
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Wizard Associates on Fri 11/29/13 at 10:26:58.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Wizard Associates\AppData\LocalLow\FCTB000061107
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Wizard Associates\appdata\local\{1B65AA65-0074-419C-A26F-23844776A2FE}
Successfully deleted: [Empty Folder] C:\Users\Wizard Associates\appdata\local\{4E7E3E91-F2C7-4E65-A356-D6A0872908BE}
Successfully deleted: [Empty Folder] C:\Users\Wizard Associates\appdata\local\{F98AE356-A670-465F-9A7F-41E2AD7E6D7E}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Wizard Associates\AppData\Roaming\mozilla\firefox\profiles\jph4l5dv.default\extensions\staged
Successfully deleted the following from C:\Users\Wizard Associates\AppData\Roaming\mozilla\firefox\profiles\jph4l5dv.default\prefs.js

user_pref("extensions.alexa.searchconf", "{\n \"google\" : {\n \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n \"rankometer\" : {\n
user_pref("extensions.seoquake.disable-baidu", true);
user_pref("extensions.seoquake.params.370.icon", "AAABAAEAEBAAAAAAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD///8B////Af///wHp6en/ubm5/4ODg/+JiYn/YmJi/
Emptied folder: C:\Users\Wizard Associates\AppData\Roaming\mozilla\firefox\profiles\jph4l5dv.default\minidumps [36 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/29/13 at 10:35:27.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL (2nd run)

OTL logfile created on: 11/29/13 10:40:03 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wizard Associates\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

9.75 Gb Total Physical Memory | 7.61 Gb Available Physical Memory | 78.07% Memory free
19.50 Gb Paging File | 17.20 Gb Available in Paging File | 88.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.33 Gb Total Space | 443.94 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 4.57 Gb Free Space | 60.82% Space Free | Partition Type: FAT32

Computer Name: WIZARD | User Name: Wizard Associates | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/25 17:01:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
PRC - [2013/11/24 22:37:21 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2013/10/25 02:34:06 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/22 17:38:50 | 001,103,712 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/10/11 09:00:33 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Wizard Associates\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/17 22:10:08 | 000,248,704 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/24 22:33:42 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/11/24 22:33:42 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013/10/28 19:57:54 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/09/26 13:50:14 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2013/09/26 13:49:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:02:39 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 22:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/04/29 22:25:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/02/04 10:53:40 | 000,063,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/20 07:23:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/10/08 17:09:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/16 03:10:38 | 000,378,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/17 22:10:08 | 000,248,704 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 17:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/25 02:34:18 | 000,317,808 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/04/29 23:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 21:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 04:36:52 | 000,055,776 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012/06/29 01:23:42 | 000,321,992 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2012/05/25 12:14:24 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 13:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/09/14 20:44:26 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/09/14 20:44:26 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/09/14 20:44:23 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/09/14 20:44:14 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/04/21 17:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013/10/28 19:57:52 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,399,312 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/25 02:34:18 | 000,284,176 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bostonglobe.com/http:/ [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: nuance%40pdf7:1.0
FF - prefs.js..extensions.enabledAddons: %7B1b8cc170-8c85-11db-b606-0800200c9a66%7D:4.0.1
FF - prefs.js..extensions.enabledAddons: firefogg%40firefogg.org:309
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: seodoctor%40prelovac.com:1.6.2
FF - prefs.js..extensions.enabledAddons: %7Bc75a27d8-4529-449f-b67b-aba65d7a1c0a%7D:4.3
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: verticaltoolbar%40xuldev.org:0.5.1
FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.13
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.3.2%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.1
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.2
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: nuance@pdf7:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/29 09:52:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/29 09:52:54 | 000,000,000 | ---D | M]

[2010/10/20 19:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions
[2010/10/20 14:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/11/29 10:34:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions
[2013/10/14 16:17:08 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/04/29 12:54:51 | 000,000,000 | ---D | M] (Toggle Web Developer Toolbar) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c75a27d8-4529-449f-b67b-aba65d7a1c0a}
[2013/07/25 16:06:41 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/11/25 14:57:43 | 000,000,000 | ---D | M] (Firefogg) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/11/21 08:15:35 | 002,212,154 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/03/31 14:57:50 | 000,069,940 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/12/02 19:31:47 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/08/13 15:51:42 | 000,109,265 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2011/12/15 16:53:21 | 000,166,750 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}.xpi
[2013/05/10 21:31:12 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/24 17:54:35 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- C:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/finance
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: DNL Reader (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdbplug.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: WPI Detector 1.3 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Disabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: DoNotTrackMe = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.2.9.813_1\
CHR - Extension: Google Drive = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1016_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1021_0\
CHR - Extension: Google Science Fair 2012 = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjibekncdookhijmkplhapjcfnglelcn\2.0_0\
CHR - Extension: Google Wallet = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Calendar Checker (by Google) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/11/29 09:58:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0\bin\ssv.dll File not found
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.5.0\bin\jp2ssv.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Wizard Associates\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" File not found
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://networkforgo...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/29 10:39:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
[2013/11/29 10:26:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/29 10:11:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/29 10:11:23 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Wizard Associates\Desktop\JRT.exe
[2013/11/25 21:17:56 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2013/11/25 21:17:56 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/11/25 21:17:47 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2013/11/25 09:53:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/25 06:10:54 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Zemana
[2013/11/25 00:21:28 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/11/25 00:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\White_Sky,_Inc
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2013/11/24 23:09:20 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\ID Vault
[2013/11/24 23:08:30 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\ID Vault
[2013/11/24 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2013/11/24 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2013/11/24 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/11/24 22:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/11/24 13:37:47 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Desktop\coupons
[2013/11/20 07:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Windows Live Writer
[2013/11/11 08:54:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/11/11 08:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/11/10 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

========== Files - Modified Within 30 Days ==========

[2013/11/29 10:25:42 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/29 10:19:16 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/29 10:18:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/29 10:17:47 | 3556,204,543 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/29 10:17:15 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 10:17:15 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 10:09:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/29 10:08:58 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001UA.job
[2013/11/29 10:08:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001Core.job
[2013/11/29 09:58:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/29 09:44:04 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Wizard Associates\Desktop\JRT.exe
[2013/11/29 09:42:18 | 001,091,882 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\AdwCleaner.exe
[2013/11/29 09:26:22 | 008,114,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/29 08:06:02 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWizard Associates.job
[2013/11/28 22:16:01 | 001,057,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/28 22:16:01 | 000,858,398 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/28 22:16:01 | 000,194,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/26 03:02:44 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 03:02:41 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 21:18:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
[2013/11/25 21:13:14 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/25 18:07:19 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/11/25 17:01:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
[2013/11/24 23:52:48 | 000,001,097 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/11/22 08:11:53 | 000,001,456 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/11/20 07:25:39 | 000,002,046 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/20 00:09:50 | 000,002,426 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\Google Chrome.lnk
[2013/11/10 09:14:54 | 000,001,091 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\KeePass 2.lnk
[2013/11/10 09:14:53 | 000,001,067 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\KeePass 2.lnk
[2013/11/04 19:21:22 | 000,143,217 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
[2013/10/31 13:13:42 | 011,339,349 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\FiveSEOStrategiesthatEveryCompanyNeedstoMaster.pdf

========== Files Created - No Company Name ==========

[2013/11/29 10:11:23 | 001,091,882 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\AdwCleaner.exe
[2013/11/26 03:02:44 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 03:02:41 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 21:18:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/11/11 08:54:25 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/11/11 08:54:03 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/11/04 19:21:43 | 000,143,217 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
[2013/10/31 13:13:41 | 011,339,349 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\FiveSEOStrategiesthatEveryCompanyNeedstoMaster.pdf
[2013/06/28 07:04:02 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2013/06/28 07:04:02 | 000,245,840 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2013/06/19 15:56:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/05/22 10:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/04/29 21:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/29 21:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/20 19:11:31 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/02/20 12:17:09 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/12 07:47:26 | 000,033,134 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\UserTile.png
[2013/02/09 20:02:21 | 000,000,027 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_data
[2013/02/09 20:01:35 | 000,000,000 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_stat_data
[2012/06/26 06:10:06 | 003,668,480 | ---- | C] () -- C:\Windows\SysWow64\CosmoRenderer.dll
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/08 14:09:35 | 000,013,055 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2012/04/07 14:47:25 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/08 14:46:09 | 000,000,017 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\mpdt294
[2012/03/08 14:46:00 | 000,000,213 | ---- | C] () -- C:\Windows\mapedit2.ini
[2012/02/27 17:53:16 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/01/25 11:39:29 | 000,007,602 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Resmon.ResmonCfg
[2011/07/03 07:21:12 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/04/22 10:37:09 | 000,009,728 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 15:56:06 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/14 15:49:24 | 000,013,060 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/12/11 18:52:29 | 000,038,529 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/10/27 11:55:37 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/20 10:48:33 | 000,000,358 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/28 15:20:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Amazon
[2010/10/26 14:03:52 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Anagram Technologies
[2012/07/06 05:31:01 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\AnvSoft
[2012/11/12 06:00:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Audacity
[2011/12/27 15:59:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Barnes & Noble
[2012/10/12 11:21:19 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Bigasoft Total Video Converter
[2012/03/08 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\BoutellDotCom
[2012/12/31 19:37:09 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\calibre
[2010/11/27 16:21:09 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Catalina Marketing Corp
[2010/10/31 04:24:56 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/23 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Clip Art Collection
[2010/10/22 17:46:28 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\com.boston.globereader.32B98E1E109C99C4674A656F6527F42DE7AB8ABA.1
[2011/01/09 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\com.playsmrt.client
[2013/11/29 10:22:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox
[2012/07/04 17:28:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\EasyHtml5Video.com
[2011/04/13 06:18:48 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\eFax Messenger
[2013/08/04 09:14:34 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\eMusic
[2012/06/28 11:08:37 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\FileZilla
[2011/06/21 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\GeoVid
[2011/01/10 06:37:53 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\GetRightToGo
[2013/09/09 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\HandBrake
[2013/11/25 06:11:01 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\ID Vault
[2013/07/23 08:13:44 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\IrfanView
[2011/04/13 06:15:32 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\j2 Global
[2011/11/18 16:43:40 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\JLAdventCalendarLondon2011
[2013/11/25 00:18:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\KeePass
[2011/01/05 10:05:10 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Moyea
[2013/02/09 20:01:40 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\NewspaperDirect
[2012/04/27 10:21:37 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Nuance
[2012/06/10 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Opera
[2011/03/28 08:32:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\OverDrive
[2010/10/30 12:45:26 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\PACE Anti-Piracy
[2010/10/19 10:50:34 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\PictureMover
[2013/09/21 18:39:23 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\proDAD
[2010/10/31 05:28:16 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/10/21 09:37:54 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Responsive Software
[2010/10/27 14:09:18 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\SoftGrid Client
[2010/10/21 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/11 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder
[2011/03/11 18:01:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder-Pro
[2011/03/10 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder.B6F3C1D6D38B1C756F6811928A0ADD2133895C94.1
[2012/02/10 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\SWiSH Max3
[2012/10/02 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TeamViewer
[2010/10/20 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Thunderbird
[2010/10/25 08:09:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TP
[2011/07/09 07:25:51 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Trusteer
[2010/10/22 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/10/25 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\webex
[2010/11/10 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\WinBatch
[2013/11/11 09:39:36 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
[2012/04/24 17:55:41 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Zeon

========== Purity Check ==========



< End of report >


#11
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Disabling Chrome Plugins

  • We need to disable some Chrome Plugins
  • Start Chrome and type this into the address bar:

chrome:plugins


  • A new tab will open with a list of your installed plugins - Please disable the plugin(s) below by clicking the word Disable.

    • Coupons Inc., Coupon Printer Manager
    • CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0
  • We're done with that step! Well done!

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    
    :Files
    C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
    C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan. (This time check Scan All Users!)
  • Copy and paste the contents of the log that it produces into your next post.

Activating Windows

  • Please visit this website.
  • Please try the "To activate by using a direct connection" method and report back if your Windows is now activated.
  • If not, please go to the "Activate using the telephone" method and try this.
  • Did this work for you?

Problems / Questions

Could you give me a detailed description of how the computer is behaving? Still the Windows Genuine problem? What about the Norton uninstall problem?

#12
sallyw

  • Topic Starter
  • Member
  • 58 posts
I apparently have 3 (or more?) instances of the coupons plugin? I have disabled 3 and am not sure why the reports are telling you something else.


Coupons Inc., Coupon Printer Manager - Version: 4.0.2.0 (Disabled)
Coupons, Inc. Coupon Printer Plugin
Name: Coupons Inc., Coupon Printer Manager
Description: Coupons, Inc. Coupon Printer Plugin
Version: 4.0.2.0
Location: C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
Type: NPAPI
Enable
MIME types:
MIME type Description File extensions
application/couponsinc-moz-printer-plugin-v401 Coupons, Inc. Mozilla Print Manager

I ran OTL and applied the fix, rebooted, and ran the OTL quick scan. I copied the result below.

According to FRST I still have a hidden partition with the system and boot.
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 46CB4259)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

thx,
Sally

___________________________________________________________
OTL logfile created on: 11/29/13 1:59:18 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wizard Associates\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

9.75 Gb Total Physical Memory | 7.14 Gb Available Physical Memory | 73.19% Memory free
19.50 Gb Paging File | 16.60 Gb Available in Paging File | 85.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.33 Gb Total Space | 444.17 Gb Free Space | 48.31% Space Free | Partition Type: NTFS
Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS

Computer Name: WIZARD | User Name: Wizard Associates | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/25 17:01:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
PRC - [2013/11/24 22:37:21 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2013/10/25 02:34:06 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/22 17:38:50 | 001,103,712 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/10/11 09:00:33 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/09/25 16:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Wizard Associates\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/17 22:10:08 | 000,248,704 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/29 13:55:29 | 001,175,040 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\wx._core_.pyd
MOD - [2013/11/29 13:55:29 | 001,153,024 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\_ssl.pyd
MOD - [2013/11/29 13:55:29 | 000,805,888 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\wx._gdi_.pyd
MOD - [2013/11/29 13:55:29 | 000,735,232 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\wx._misc_.pyd
MOD - [2013/11/29 13:55:29 | 000,711,680 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\_hashlib.pyd
MOD - [2013/11/29 13:55:29 | 000,557,056 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\pysqlite2._sqlite.pyd
MOD - [2013/11/29 13:55:29 | 000,504,832 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\windows._cacheinvalidation.pyd
MOD - [2013/11/29 13:55:29 | 000,364,544 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\pythoncom27.dll
MOD - [2013/11/29 13:55:29 | 000,320,512 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32com.shell.shell.pyd
MOD - [2013/11/29 13:55:29 | 000,128,512 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\_elementtree.pyd
MOD - [2013/11/29 13:55:29 | 000,110,080 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\PyWinTypes27.dll
MOD - [2013/11/29 13:55:29 | 000,108,544 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32security.pyd
MOD - [2013/11/29 13:55:29 | 000,098,816 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32api.pyd
MOD - [2013/11/29 13:55:29 | 000,087,040 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\_ctypes.pyd
MOD - [2013/11/29 13:55:29 | 000,070,656 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\wx._html2.pyd
MOD - [2013/11/29 13:55:29 | 000,044,032 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\_socket.pyd
MOD - [2013/11/29 13:55:29 | 000,035,840 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32process.pyd
MOD - [2013/11/29 13:55:29 | 000,026,624 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\_multiprocessing.pyd
MOD - [2013/11/29 13:55:29 | 000,025,600 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32pdh.pyd
MOD - [2013/11/29 13:55:29 | 000,022,528 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32ts.pyd
MOD - [2013/11/29 13:55:29 | 000,017,408 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32profile.pyd
MOD - [2013/11/29 13:55:29 | 000,011,264 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32crypt.pyd
MOD - [2013/11/29 13:55:28 | 001,062,400 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\wx._controls_.pyd
MOD - [2013/11/29 13:55:28 | 000,811,008 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\wx._windows_.pyd
MOD - [2013/11/29 13:55:28 | 000,686,080 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\unicodedata.pyd
MOD - [2013/11/29 13:55:28 | 000,127,488 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\pyexpat.pyd
MOD - [2013/11/29 13:55:28 | 000,122,368 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\wx._wizard.pyd
MOD - [2013/11/29 13:55:28 | 000,119,808 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32file.pyd
MOD - [2013/11/29 13:55:28 | 000,038,912 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32inet.pyd
MOD - [2013/11/29 13:55:28 | 000,018,432 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\win32event.pyd
MOD - [2013/11/29 13:55:28 | 000,010,240 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI11322\select.pyd
MOD - [2013/11/24 22:33:42 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/11/24 22:33:42 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/10/28 19:57:54 | 001,127,152 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/09/26 13:50:14 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2013/09/26 13:49:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:02:39 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 22:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/04/29 22:25:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/02/04 10:53:40 | 000,063,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/20 07:23:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/10/08 17:09:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/16 03:10:38 | 000,378,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/17 22:10:08 | 000,248,704 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 17:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/25 02:34:18 | 000,317,808 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/04/29 23:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 21:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 04:36:52 | 000,055,776 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012/06/29 01:23:42 | 000,321,992 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2012/05/25 12:14:24 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 13:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/09/14 20:44:26 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/09/14 20:44:26 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/09/14 20:44:23 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/09/14 20:44:14 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/04/21 17:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013/10/28 19:57:54 | 000,234,832 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys -- (RapportIaso)
DRV - [2013/10/28 19:57:52 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,399,312 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/25 02:34:18 | 000,284,176 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bostonglobe.com/http:/ [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: nuance%40pdf7:1.0
FF - prefs.js..extensions.enabledAddons: %7B1b8cc170-8c85-11db-b606-0800200c9a66%7D:4.0.1
FF - prefs.js..extensions.enabledAddons: firefogg%40firefogg.org:309
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: seodoctor%40prelovac.com:1.6.2
FF - prefs.js..extensions.enabledAddons: %7Bc75a27d8-4529-449f-b67b-aba65d7a1c0a%7D:4.3
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: verticaltoolbar%40xuldev.org:0.5.1
FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.13
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.3.2%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.1
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.2
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: nuance@pdf7:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/29 09:52:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/29 09:52:54 | 000,000,000 | ---D | M]

[2010/10/20 19:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions
[2010/10/20 14:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/11/29 10:34:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions
[2013/10/14 16:17:08 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/04/29 12:54:51 | 000,000,000 | ---D | M] (Toggle Web Developer Toolbar) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c75a27d8-4529-449f-b67b-aba65d7a1c0a}
[2013/07/25 16:06:41 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/11/25 14:57:43 | 000,000,000 | ---D | M] (Firefogg) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/11/21 08:15:35 | 002,212,154 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/03/31 14:57:50 | 000,069,940 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/12/02 19:31:47 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/08/13 15:51:42 | 000,109,265 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2011/12/15 16:53:21 | 000,166,750 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}.xpi
[2013/05/10 21:31:12 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/24 17:54:35 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- C:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/finance
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: WPI Detector 1.3 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Disabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: DoNotTrackMe = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.2.9.813_1\
CHR - Extension: Google Drive = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1021_0\
CHR - Extension: Google Science Fair 2012 = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjibekncdookhijmkplhapjcfnglelcn\2.0_0\
CHR - Extension: Google Wallet = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Calendar Checker (by Google) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/11/29 09:58:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0\bin\ssv.dll File not found
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.5.0\bin\jp2ssv.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3:64bit: - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\Run: [Akamai NetSession Interface] C:\Users\Wizard Associates\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" File not found
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" File not found
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wizard Associates\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://networkforgo...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/29 13:50:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/29 10:39:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
[2013/11/29 10:26:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/29 10:11:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/29 10:11:23 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Wizard Associates\Desktop\JRT.exe
[2013/11/25 21:17:56 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2013/11/25 21:17:56 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/11/25 21:17:47 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2013/11/25 09:53:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/25 06:10:54 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Zemana
[2013/11/25 00:21:28 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/11/25 00:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\White_Sky,_Inc
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2013/11/24 23:09:20 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\ID Vault
[2013/11/24 23:08:30 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\ID Vault
[2013/11/24 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2013/11/24 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2013/11/24 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/11/24 22:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/11/24 13:37:47 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Desktop\coupons
[2013/11/20 07:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Windows Live Writer
[2013/11/11 08:54:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/11/11 08:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/11/10 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

========== Files - Modified Within 30 Days ==========

[2013/11/29 14:06:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWizard Associates.job
[2013/11/29 13:54:30 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/29 13:52:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/29 13:52:21 | 3556,204,543 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/29 13:51:46 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 13:51:45 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 13:24:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/29 13:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/29 13:08:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001UA.job
[2013/11/29 11:25:42 | 001,057,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/29 11:25:42 | 000,858,398 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/29 11:25:42 | 000,194,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/29 10:08:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001Core.job
[2013/11/29 09:58:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/29 09:44:04 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Wizard Associates\Desktop\JRT.exe
[2013/11/29 09:42:18 | 001,091,882 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\AdwCleaner.exe
[2013/11/29 09:26:22 | 008,114,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/26 03:02:44 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 03:02:41 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 21:18:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
[2013/11/25 21:13:14 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/25 18:07:19 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/11/25 17:01:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
[2013/11/24 23:52:48 | 000,001,097 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/11/22 08:11:53 | 000,001,456 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/11/20 07:25:39 | 000,002,046 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/20 00:09:50 | 000,002,426 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\Google Chrome.lnk
[2013/11/10 09:14:54 | 000,001,091 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\KeePass 2.lnk
[2013/11/10 09:14:53 | 000,001,067 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\KeePass 2.lnk
[2013/11/04 19:21:22 | 000,143,217 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
[2013/10/31 13:13:42 | 011,339,349 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\FiveSEOStrategiesthatEveryCompanyNeedstoMaster.pdf

========== Files Created - No Company Name ==========

[2013/11/29 10:11:23 | 001,091,882 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\AdwCleaner.exe
[2013/11/26 03:02:44 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 03:02:41 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 21:18:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/11/11 08:54:25 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/11/11 08:54:03 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/11/04 19:21:43 | 000,143,217 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
[2013/10/31 13:13:41 | 011,339,349 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\FiveSEOStrategiesthatEveryCompanyNeedstoMaster.pdf
[2013/06/28 07:04:02 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2013/06/28 07:04:02 | 000,245,840 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2013/06/19 15:56:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/05/22 10:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/04/29 21:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/29 21:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/20 19:11:31 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/02/20 12:17:09 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/12 07:47:26 | 000,033,134 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\UserTile.png
[2013/02/09 20:02:21 | 000,000,027 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_data
[2013/02/09 20:01:35 | 000,000,000 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_stat_data
[2012/06/26 06:10:06 | 003,668,480 | ---- | C] () -- C:\Windows\SysWow64\CosmoRenderer.dll
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/08 14:09:35 | 000,013,055 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2012/04/07 14:47:25 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/08 14:46:09 | 000,000,017 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\mpdt294
[2012/03/08 14:46:00 | 000,000,213 | ---- | C] () -- C:\Windows\mapedit2.ini
[2012/02/27 17:53:16 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/01/25 11:39:29 | 000,007,602 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Resmon.ResmonCfg
[2011/07/03 07:21:12 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/04/22 10:37:09 | 000,009,728 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 15:56:06 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/14 15:49:24 | 000,013,060 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/12/11 18:52:29 | 000,038,529 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/10/27 11:55:37 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/20 10:48:33 | 000,000,358 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/30 04:27:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Anagram Technologies
[2011/05/30 04:28:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PictureMover
[2011/07/14 04:51:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trusteer
[2012/07/19 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zeon
[2011/08/25 04:21:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/08/25 04:21:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/11/28 15:20:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Amazon
[2010/10/26 14:03:52 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Anagram Technologies
[2012/07/06 05:31:01 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\AnvSoft
[2012/11/12 06:00:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Audacity
[2011/12/27 15:59:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Barnes & Noble
[2012/10/12 11:21:19 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Bigasoft Total Video Converter
[2012/03/08 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\BoutellDotCom
[2012/12/31 19:37:09 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\calibre
[2010/11/27 16:21:09 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Catalina Marketing Corp
[2010/10/31 04:24:56 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/23 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Clip Art Collection
[2010/10/22 17:46:28 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\com.boston.globereader.32B98E1E109C99C4674A656F6527F42DE7AB8ABA.1
[2011/01/09 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\com.playsmrt.client
[2013/11/29 13:56:04 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox
[2012/07/04 17:28:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\EasyHtml5Video.com
[2011/04/13 06:18:48 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\eFax Messenger
[2013/08/04 09:14:34 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\eMusic
[2012/06/28 11:08:37 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\FileZilla
[2011/06/21 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\GeoVid
[2011/01/10 06:37:53 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\GetRightToGo
[2013/09/09 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\HandBrake
[2013/11/25 06:11:01 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\ID Vault
[2013/07/23 08:13:44 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\IrfanView
[2011/04/13 06:15:32 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\j2 Global
[2011/11/18 16:43:40 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\JLAdventCalendarLondon2011
[2013/11/25 00:18:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\KeePass
[2011/01/05 10:05:10 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Moyea
[2013/02/09 20:01:40 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\NewspaperDirect
[2012/04/27 10:21:37 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Nuance
[2012/06/10 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Opera
[2011/03/28 08:32:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\OverDrive
[2010/10/30 12:45:26 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\PACE Anti-Piracy
[2010/10/19 10:50:34 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\PictureMover
[2013/09/21 18:39:23 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\proDAD
[2010/10/31 05:28:16 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/10/21 09:37:54 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Responsive Software
[2010/10/27 14:09:18 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\SoftGrid Client
[2010/10/21 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/11 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder
[2011/03/11 18:01:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder-Pro
[2011/03/10 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder.B6F3C1D6D38B1C756F6811928A0ADD2133895C94.1
[2012/02/10 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\SWiSH Max3
[2012/10/02 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TeamViewer
[2010/10/20 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Thunderbird
[2010/10/25 08:09:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TP
[2011/07/09 07:25:51 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Trusteer
[2010/10/22 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/10/25 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\webex
[2010/11/10 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\WinBatch
[2013/11/11 09:39:36 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
[2012/04/24 17:55:41 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Zeon

========== Purity Check ==========



< End of report >

#13
Machiavelli


  • GeekU Moderator
  • 4,722 posts
We are volunteers here; we have to deal with x threads and x users. It isn't easy to keep a good overview of all the threads, but I do my best to clean your system and I will do so - I'm a trainee here and 16 years old - so I'm going to school. I realized that you are a little bit hasty and skip over/overlook my instructions ... That isn't our goal here. Please try to activate Windows and give a detailed description of how your system is behaving. I would also like to know exactly which problems you have with Norton. I can't help you if you don't give me information. It's like buying a burger. You go to Burger King and shout "I want a burger" - what would the worker there say? He would ask you further questions [...] It's difficult to help someone who doesn't read my instructions completely. Please do so in the future. ;)

Edited by Machiavelli, 29 November 2013 - 01:53 PM.


#14
sallyw


  • Topic Starter
  • Member
  • 58 posts
I am unable to activate Windows. I submit my product key and am told it's not valid.

I don't see an option to call.

The computer is re-booting better/faster than it did before I did the cleanup.

I can no longer run any Microsoft programs.

I will try again to install Norton.

#15
Machiavelli


  • GeekU Moderator
  • 4,722 posts

I am unable to activate Windows. I submit my product key and am told it's not valid.

OK, I had this experience myself on a virtual machine. Please try activating Windows several times (4-5 times) and let's see if it works. Please report back if that worked. Thanks! If not, we must try something different.

I will try again to install Norton.

Please don't; we will deal with that after the malware has been removed by Dr. Machiavelli.

The computer is re-booting better/faster than it did before I did the cleanup.

:thumbsup:

I can no longer run any Microsoft programs.

Any error message? What do you experience when you click on a Microsoft program? ...

Well done so far. :thumbsup: