Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

can't uninstall search.us.com windows 7 [Closed]


  • This topic is locked This topic is locked

#1
santogug

santogug

    New Member

  • Member
  • Pip
  • 1 posts
OTL logfile created on: 12/7/2013 12:33:49 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\download\OldTimer
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 56.04% Memory free
5.93 Gb Paging File | 4.20 Gb Available in Paging File | 70.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.44 Gb Total Space | 19.17 Gb Free Space | 32.80% Space Free | Partition Type: NTFS
Drive D: | 90.51 Gb Total Space | 13.83 Gb Free Space | 15.28% Space Free | Partition Type: NTFS

Computer Name: ITS-PC | User Name: ITS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\download\OldTimer\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe (Condusiv Technologies)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\ITS\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\ITS\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Users\ITS\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Users\ITS\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Users\ITS\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll ()
MOD - C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
MOD - C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ()
MOD - C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (syncagentsrv) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (tvnserver) -- C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (Diskeeper) -- C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe (Condusiv Technologies)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (EUFDDISK0) -- C:\Windows\system32\drivers\EUFDDISK0.sys File not found
DRV - (EUBKMON0) -- C:\Windows\system32\drivers\EUBKMON0.sys File not found
DRV - (EUBAKUP0) -- C:\Windows\system32\drivers\EUBAKUP0.sys File not found
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis International GmbH)
DRV - (tib_mounter) -- C:\Windows\System32\drivers\tib_mounter.sys (Acronis)
DRV - (tib) -- C:\Windows\System32\drivers\tib.sys (Acronis International GmbH)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis International GmbH)
DRV - (vidsflt) -- C:\Windows\System32\drivers\vidsflt.sys (Acronis International GmbH)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis International GmbH)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (EUFDDISK) -- C:\Windows\System32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBKMON) -- C:\Windows\System32\drivers\EUBKMON.sys ()
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\System32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (DKTLFSMF) -- C:\Windows\System32\drivers\DKTLFSMF.sys (Condusiv Technologies)
DRV - (DKRtWrt) -- C:\Windows\System32\drivers\DKRtWrt.sys (Condusiv Technologies)
DRV - (DKDFM) -- C:\Windows\System32\drivers\DKDFM.sys (Condusiv Technologies)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {296528D4-2D04-48AD-8832-014B233B74C6}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...87FB596C6&SSPV=
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 1B 6B AE BD D7 CD 01 [binary data]
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS355
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\..\SearchScopes\{8D460936-3721-4BA2-9EC4-57450E76C87D}: "URL" = http://www.google.co...1I7ADRA_enUS355
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\ITS\AppData\Local\TNT2\2.0.0.1267\npTNT2ghost.dll (Search.Us.com)
FF - HKCU\Software\MozillaPlugins\@tnt2toolbar.com/Plugin: C:\Users\ITS\AppData\Local\TNT2\2.0.0.1267\npTNT2.dll (Search.Us.com)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ITS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ITS\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


[2012/12/22 09:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla FireFox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ITS\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ITS\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ITS\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: LogMeIn, Inc. Remote Access Components 1.0.0.1007 (Enabled) = C:\Users\ITS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1007_0\ChromeLogMeIn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: npAPI Plugin (Enabled) = C:\Users\ITS\AppData\Local\TNT2\2.0.0.1267\npTNT2.dll
CHR - plugin: npAPI Ghost Plugin (Disabled) = C:\Users\ITS\AppData\Local\TNT2\2.0.0.1267\npTNT2ghost.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\ITS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: MaskMe = C:\Users\ITS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg\1.38.339_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\ITS\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1031_0\
CHR - Extension: Skype Click to Call = C:\Users\ITS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: LogMeIn = C:\Users\ITS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj\1.0.0.1029_0\
CHR - Extension: Google Wallet = C:\Users\ITS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {17222712-A673-4EA2-96B7-DABFF66C0068} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:HKU - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\..\Toolbar\WebBrowser: (m 7Zip.tv Search.us.com Toolbar) - {17222712-A673-4EA2-96B7-DABFF66C0068} - C:\Users\ITS\AppData\Local\TNT2\Profiles\10269\passport.dll (Search.Us.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B373FC10-806D-4D21-9FB5-94343D177CAA}: DhcpNameServer = 208.59.247.45 208.59.247.46 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B373FC10-806D-4D21-9FB5-94343D177CAA}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3C64466-9D49-4042-BE8C-A1CBB73FDBAE}: DhcpNameServer = 208.59.247.45 208.59.247.46 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3C64466-9D49-4042-BE8C-A1CBB73FDBAE}: NameServer = 208.59.247.45,208.59.247.46,8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2286f94d-afe1-11e0-8ec3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2286f94d-afe1-11e0-8ec3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\TrueImage2012HD.exe
O33 - MountPoints2\{4528f085-6639-11e2-893c-6c626d022b16}\Shell - "" = AutoRun
O33 - MountPoints2\{4528f085-6639-11e2-893c-6c626d022b16}\Shell\AutoRun\command - "" = F:\1.EXE
O33 - MountPoints2\{a30eb540-38e0-11e2-b4ed-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a30eb540-38e0-11e2-b4ed-806e6f6e6963}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler index_V373.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/06 16:16:40 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\fontconfig
[2013/12/06 16:08:51 | 000,000,000 | ---D | C] -- C:\Users\ITS\Documents\convertedVideos
[2013/12/06 16:08:46 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\SkinSoft
[2013/12/06 16:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/12/06 16:00:08 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Roaming\convertaudiofree
[2013/12/06 16:00:08 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\cache
[2013/12/06 16:00:01 | 000,000,000 | ---D | C] -- C:\Users\ITS\Documents\Mobogenie
[2013/12/06 16:00:01 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\Mobogenie
[2013/12/06 15:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2013/12/06 15:57:35 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Roaming\Systweak
[2013/12/06 15:57:31 | 000,018,776 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2013/12/06 15:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/06 15:55:23 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\NativeMessaging
[2013/12/06 15:55:20 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\Conduit
[2013/12/06 15:55:16 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\CRE
[2013/12/06 15:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/12/05 18:40:56 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/12/05 13:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
[2013/12/03 15:41:11 | 000,000,000 | ---D | C] -- C:\Users\ITS\Documents\Downloads
[2013/12/03 15:35:53 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/03 15:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
[2013/12/03 15:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube Downloader
[2013/11/24 11:59:48 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/24 11:59:48 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/24 11:59:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/24 11:59:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/24 11:59:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/24 11:59:46 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/24 11:59:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/24 11:59:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/24 11:59:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/24 11:59:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/24 11:52:47 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/24 11:52:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/24 11:52:32 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/24 11:52:32 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/24 11:52:26 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/24 11:52:26 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/16 11:17:39 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/11/08 09:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/08 09:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/08 09:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/08 09:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/07 12:33:21 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/12/07 12:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/07 12:29:57 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2013/12/07 12:28:34 | 000,019,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/07 12:28:34 | 000,019,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/07 12:23:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/07 12:23:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/07 12:23:22 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/07 12:04:11 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1155743008-2449458158-1983807240-1001UA.job
[2013/12/07 12:04:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/06 16:11:37 | 000,000,138 | ---- | M] () -- C:\Users\ITS\AppData\Roaming\settings.xml
[2013/12/06 15:57:46 | 000,000,009 | ---- | M] () -- C:\end
[2013/12/06 14:04:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1155743008-2449458158-1983807240-1001Core.job
[2013/12/05 18:40:56 | 000,000,981 | ---- | M] () -- C:\Users\ITS\Desktop\Handbrake.lnk
[2013/12/05 13:19:14 | 000,000,847 | ---- | M] () -- C:\Users\ITS\Desktop\µTorrent.lnk
[2013/12/05 13:19:14 | 000,000,827 | ---- | M] () -- C:\Users\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/12/05 08:26:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/05 08:26:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/03 15:37:48 | 000,662,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/03 15:37:48 | 000,122,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/03 15:31:06 | 000,002,057 | ---- | M] () -- C:\Users\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2013/12/03 15:31:06 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[2013/11/17 11:49:09 | 003,808,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/08 09:16:25 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/07 12:28:36 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2013/12/06 16:08:51 | 000,000,138 | ---- | C] () -- C:\Users\ITS\AppData\Roaming\settings.xml
[2013/12/05 13:19:14 | 000,000,847 | ---- | C] () -- C:\Users\ITS\Desktop\µTorrent.lnk
[2013/12/05 13:19:14 | 000,000,827 | ---- | C] () -- C:\Users\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/12/03 15:31:06 | 000,002,057 | ---- | C] () -- C:\Users\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2013/12/03 15:31:06 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[2013/12/03 15:31:06 | 000,000,174 | ---- | C] () -- C:\Users\Public\Desktop\Amazon.url
[2013/11/08 09:16:25 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/27 10:35:14 | 000,007,601 | ---- | C] () -- C:\Users\ITS\AppData\Local\Resmon.ResmonCfg
[2013/04/14 15:32:59 | 000,007,680 | ---- | C] () -- C:\Users\ITS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/27 11:26:50 | 000,002,828 | ---- | C] () -- C:\Users\ITS\advanced_ip_scanner_MAC.bin
[2013/01/03 11:44:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013/01/03 11:44:58 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013/01/03 11:44:57 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM11A.DAT
[2012/12/12 10:05:39 | 000,057,344 | ---- | C] () -- C:\Windows\WNMHINDR.EXE
[2012/12/12 10:05:39 | 000,024,576 | ---- | C] () -- C:\Windows\System32\NMH040A.DLL
[2012/12/05 17:33:35 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/12/01 11:56:36 | 000,000,448 | ---- | C] () -- C:\Users\ITS\proxy.html
[2012/09/21 13:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/09/21 13:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/09/21 13:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/08/27 10:22:07 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/29 10:26:16 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Acronis
[2012/12/13 11:36:31 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\AnvSoft
[2012/12/13 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Ashampoo
[2013/03/29 10:49:58 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Ashampoo Slideshow Studio HD 2
[2013/04/14 13:09:24 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\avidemux
[2012/12/14 16:00:14 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Babylon
[2013/09/05 11:39:42 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\canon
[2013/09/05 11:46:07 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Canon_Inc_IC
[2013/08/01 13:55:39 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/08/03 11:45:04 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Condusiv_Technologies
[2013/12/06 16:00:08 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\convertaudiofree
[2013/01/11 12:50:16 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Garmin
[2012/12/12 10:43:02 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Genieo
[2012/12/14 13:14:21 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\GoforFiles
[2013/12/06 15:27:18 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\HandBrake
[2013/01/14 10:37:11 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Leadertech
[2013/12/03 15:31:03 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\OpenCandy
[2012/12/12 10:49:26 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\QwiklinxForChrome
[2013/11/16 11:17:39 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/04/14 13:14:42 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Strongvault
[2012/12/12 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\SuperEasy Software
[2013/12/06 16:39:19 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Systweak
[2012/12/20 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\TightVNC
[2013/12/06 17:03:09 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\uTorrent
[2012/12/13 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Wondershare Video Converter Ultimate

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 12/7/2013 12:33:49 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\download\OldTimer
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 56.04% Memory free
5.93 Gb Paging File | 4.20 Gb Available in Paging File | 70.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58.44 Gb Total Space | 19.17 Gb Free Space | 32.80% Space Free | Partition Type: NTFS
Drive D: | 90.51 Gb Total Space | 13.83 Gb Free Space | 15.28% Space Free | Partition Type: NTFS

Computer Name: ITS-PC | User Name: ITS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.MNPM7JHEMWITN3PPRJQTY3KHGA] -- C:\Users\ITS\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B74DC3E-4564-44B0-927F-B30C83EC2C12}" = lport=10243 | protocol=6 | dir=in | app=system |
"{137B9E3C-80A9-42AF-B335-6BE80B02E716}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B6424DD-CC16-44A9-8B05-774CF4CE3B89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2010BCB1-9509-4DA5-AF46-724E0E75C192}" = rport=138 | protocol=17 | dir=out | app=system |
"{219CAC49-3C8E-4A3F-B701-4DD688395607}" = lport=139 | protocol=6 | dir=in | app=system |
"{2B070F8C-2B1B-445D-820B-52453FEC275E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34ACF2B4-952C-42AE-A7E2-82E7A477EDBA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{36EAA447-5185-4D7F-8784-62486C2E7659}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{39C8C476-84D8-49AA-B974-FF9EF00A8DBC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C672630-19CD-42CA-B8F8-546E02DCE113}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3F0FD746-956F-4D97-893B-26247FA91791}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4405613C-143D-4092-A45B-DFAC647414D4}" = lport=138 | protocol=17 | dir=in | app=system |
"{68E9B263-C9D0-41ED-9D0B-01A06532C3CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D5281CE-131F-4093-9D7E-54A8CA36788A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72C57FA2-FA83-46E7-8EA6-CA4F268DBF92}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D8E7688-0765-42F2-A46E-184DBC8659AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{83FD3596-C0DF-4173-87E5-7A5D26ECF6D5}" = rport=137 | protocol=17 | dir=out | app=system |
"{8E9D9604-0CE2-4C7A-893E-684DAE642D3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{997F34BD-54A6-4FFF-BB32-E14492FFA700}" = lport=137 | protocol=17 | dir=in | app=system |
"{A5FF7658-57E7-4B66-ACC8-30D23BFFA80B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3BB7130-10EB-4A01-8623-B16726FB94B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D13AB435-BFE8-464A-970F-FF95820EEAC6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DAA32ED4-4D6E-4984-BD6C-09A12CD81438}" = rport=445 | protocol=6 | dir=out | app=system |
"{E711A0ED-1916-4482-B466-F553B2872BC8}" = lport=445 | protocol=6 | dir=in | app=system |
"{FED113A5-55DC-4B6E-BB48-FB2672D9AC6B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C93FF2-69F3-4F4D-8ABC-3971B8C3D4DE}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\tvnserver.exe |
"{074F4E53-E8B6-49E7-B39F-B67D4DDEA5AD}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
"{0889844C-9279-490D-9B9D-D82F29C5C069}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{105B9F33-D1FE-41ED-B4C3-F4E777AD4FF2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1AF4A867-E357-4768-9E94-91A7CB557565}" = protocol=1 | dir=out | [email protected],-28544 |
"{1BD88A82-1FD8-40DB-B917-2673335C5D8D}" = protocol=6 | dir=in | app=c:\users\its\appdata\roaming\utorrent\utorrent.exe |
"{21662528-CB91-4E86-86D3-90E3FCBF78A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{273550A1-E2EE-40DB-B195-05C4661BAAE7}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{27ACC597-F8BB-4536-B127-CFAEBD844E24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A7B4788-2143-4311-AC1C-581C91147B26}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\tvnserver.exe |
"{34B0C527-365E-4412-A4F3-EA7699780CE7}" = protocol=1 | dir=in | [email protected],-28543 |
"{34F466D8-ED55-4890-AF24-888B48F11FC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{36076025-C5BA-4D12-BE68-A3A2400307FF}" = protocol=1 | dir=in | name=pinging |
"{3A3F5998-10D5-4EEC-8023-75ACC9540ED0}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{3CCD3EDB-3461-4F08-919E-033050030708}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
"{3FBD9F20-1093-4C3E-A31D-0873BFAB6599}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{4E855B08-B65E-4120-8FFD-D94F162CC3FE}" = protocol=6 | dir=in | app=c:\users\its\appdata\local\google\chrome\application\chrome.exe |
"{5200BA64-D431-4E46-A3AF-49AA04B6EC2E}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe |
"{5706299B-2EC0-445C-8C2A-FAFB311965AC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5CD71F7A-4E3B-4D6F-9BFC-8B5759F970BD}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{5E210226-11E8-4AB7-82E5-CD10A5DAE866}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5EB31BC6-21D2-45E2-B99F-2AF058005306}" = protocol=58 | dir=out | [email protected],-28546 |
"{66C72CF9-7B87-4E3C-B85C-3B0B2265C227}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6D2DBF27-024D-406C-92B4-2CBE892C6F5D}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{7363A10E-2CE8-4710-A8D3-BE3F8D18AC4D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{73D1FA0A-4D1D-4E10-AAC7-B2B4055B1582}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E8E4966-2C41-4C2E-B5AE-CE8F5C35DBD0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{826C3348-DD20-40A8-B093-D0BDA859A0D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8601B96A-A519-420C-B421-A355F0192290}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{87946456-C0DA-47E3-B608-BAC771594CEF}" = protocol=17 | dir=in | app=c:\users\its\appdata\roaming\utorrent\utorrent.exe |
"{8B1E97F5-1C74-4707-9D78-29B6C78885E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90625C69-681E-403C-B1E0-E9191A7148B7}" = protocol=58 | dir=in | [email protected],-28545 |
"{9408BDC6-0FB2-4FC2-B143-C85880D99CA0}" = protocol=17 | dir=in | app=c:\users\its\appdata\local\google\chrome\application\chrome.exe |
"{A1BAFEDA-8DE8-48B4-ACA4-E3A838B54A9B}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{AADD63E1-F7A1-4660-8054-797F9FE34C8D}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe |
"{AB65A2A7-E587-4BDB-A542-1BFFC36E8BA4}" = protocol=6 | dir=out | app=system |
"{AFE2C45E-6047-4095-B392-402CCA5DC1AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B10A385B-A157-4BF0-B989-F52D29E1EFB2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B1F925C8-8ECA-443D-B018-CE34D53875F7}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbconsoleui.exe |
"{B43F295A-8FD7-4959-95FF-EE4A59C699D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B5C287E7-37F8-4493-90C8-AE30D3286262}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{BCABED76-27B6-4E77-A8A9-2F1A99FD612B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C275AEC6-0FDB-4863-8BB5-EA83A17DADBA}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\tbservice.exe |
"{C5A5098C-ECFA-414D-BC40-FAA5B5505790}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{C9AEB727-EBC9-4D95-A9FD-A8A45882D7C2}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{DB10B8B5-C2A3-4682-8352-1A9EDB2C8EE4}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{E0013B59-5B8E-4F4C-B43F-8026C491AC82}" = dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{E07CD8BD-9A28-4073-B8D0-D51F6B8C8FD2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E602AC7C-EB36-4D6E-858C-816D760EA6F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E62CF31D-7F6E-4FCD-97D9-3AB95063CADC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F8CFE205-4C44-480E-92AC-4EC9EAA3C581}" = dir=out | app=%programfiles%\tightvnc\tvnviewer.exe |
"{FFD35ABA-7EBE-409B-B1AE-0A7B27E1696A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{12750BD7-4628-4A8B-9D04-2579BFB63133}D:\test\sender.exe" = protocol=6 | dir=in | app=d:\test\sender.exe |
"TCP Query User{935E68BE-1B34-46B4-A03F-73B10FA4E3B3}C:\users\its\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\its\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{B815E7E7-8859-493B-8CAE-6B50F73DB9A2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2DFEC8A9-26CE-4FC4-8241-6C9D3BCFB79B}D:\test\sender.exe" = protocol=17 | dir=in | app=d:\test\sender.exe |
"UDP Query User{B4A1F9EC-3FEC-4637-8935-898A36A43164}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FC675B64-9DBD-437F-99F1-BC65E37F9731}C:\users\its\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\its\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{414D143D-7DB6-47A6-9E23-1914FD1B535A}_is1" = Incomedia WebSite X5 v9 - Compact
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{5C5778DB-3E5A-499D-865D-740E67D1F165}" = LogMeIn
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}" = HL-5470DW
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}" = True Image 2013
"{75BC2136-B6A1-4F3B-8A69-55E39C647B1F}Visible" = True Image 2013
"{7774E6AB-D658-40A2-B9FA-7136FA917BAE}" = Advanced IP Scanner
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FDEDFA3-C1F2-4A8D-8727-7759D4C433E4}" = Oracle VM VirtualBox 4.2.6
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91B33C97-9E02-D93E-656C-D2D81585F29B}_is1" = Ashampoo Photo Optimizer 5 v.5.3.0
"{91B33C97-C201-47CC-5004-C35C8472437F}_is1" = Ashampoo Slideshow Studio HD 2 v.2.0.5
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981B8EDC-E693-4F22-9694-C0FF8E56F134}" = TightVNC
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.179
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2011 Home Edition
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{E939B548-9BFA-4E1D-94F3-520B384B34C1}" = Diskeeper 12 Professional
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 4.65
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.4
"Any Video Converter_is1" = Any Video Converter 3.5.7
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"CameraUserGuide-PSSX50HS" = Canon PowerShot SX50 HS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC 8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"Digital Photo Professional" = Canon Utilities Digital Photo Professional
"EaseUS Todo Backup Workstation 5.0_is1" = EaseUS Todo Backup Workstation 5.0
"HandBrake" = HandBrake 0.9.9.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"VideoToolkit_is1" = Kate's Video Toolkit 7.0
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B64FE6A9-1E9B-4323-BCCF-F749C9DE7597}" = Search.us.com
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2013 10:22:36 AM | Computer Name = ITS-PC | Source = SendoriService | ID = 99
Description = In the enable methodObject reference not set to an instance of an
object.

Error - 12/4/2013 10:38:28 AM | Computer Name = ITS-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

Error - 12/5/2013 12:28:38 PM | Computer Name = ITS-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

Error - 12/6/2013 2:08:33 PM | Computer Name = ITS-PC | Source = SendoriService | ID = 99
Description = In the enable methodObject reference not set to an instance of an
object.

Error - 12/6/2013 2:23:51 PM | Computer Name = ITS-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

Error - 12/6/2013 5:59:06 PM | Computer Name = ITS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegCleanPro.exe, version: 6.21.65.2703,
time stamp: 0x51de6a2f Faulting module name: RegCleanPro.exe, version: 6.21.65.2703,
time stamp: 0x51de6a2f Exception code: 0xc0000005 Fault offset: 0x0001f9c3 Faulting
process id: 0x16bc Faulting application start time: 0x01cef2ce29ceca49 Faulting application
path: C:\Program Files\RegClean Pro\RegCleanPro.exe Faulting module path: C:\Program
Files\RegClean Pro\RegCleanPro.exe Report Id: 9fea2a73-5ec1-11e3-a27c-6c626d022b16

Error - 12/6/2013 6:14:19 PM | Computer Name = ITS-PC | Source = Application Hang | ID = 1002
Description = The program FreeAVITOMP4Converter.exe version 2.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 26d8 Start
Time: 01cef2cfb96817b2 Termination Time: 46 Application Path: C:\Program Files\convertaudiofree\Free
Avi To Mp4 Converter\FreeAVITOMP4Converter.exe Report Id:

Error - 12/6/2013 6:16:09 PM | Computer Name = ITS-PC | Source = Application Hang | ID = 1002
Description = The program FreeAVITOMP4Converter.exe version 2.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e70 Start
Time: 01cef2d08c54b615 Termination Time: 338 Application Path: C:\Program Files\convertaudiofree\Free
Avi To Mp4 Converter\FreeAVITOMP4Converter.exe Report Id:

Error - 12/6/2013 6:34:00 PM | Computer Name = ITS-PC | Source = Application Hang | ID = 1002
Description = The program AVSVideoConverter.exe version 8.4.2.541 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 19e8 Start
Time: 01cef2d256fd6677 Termination Time: 21 Application Path: C:\Program Files\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe

Report
Id:

Error - 12/7/2013 2:04:59 PM | Computer Name = ITS-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

[ System Events ]
Error - 6/13/2013 10:58:30 AM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/14/2013 11:31:08 AM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/15/2013 11:54:06 AM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/18/2013 10:38:53 AM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/18/2013 5:09:53 PM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/20/2013 11:14:32 AM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/21/2013 10:09:14 AM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/22/2013 11:30:55 AM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/24/2013 12:16:00 PM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/25/2013 10:32:26 AM | Computer Name = ITS-PC | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >

Thanks in advance for any assistance you may be able to provide me with.

Edited by santogug, 07 December 2013 - 02:11 PM.

  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :) I'm currently submitting a fix for my teacher to review and will post as soon as I receive his approval.
  • 0

#3
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, let's get started. :)


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (uTorrent) on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.



Step 1: Program Uninstall

Please uninstall the following programs from your machine. These programs have very poor reputations and often do more harm than good.

  • Systweak or Advanced System Optimizer
  • bl
  • ph

If you do not see these in the Progams list, don't worry, continue with the next step. :)



Step 2: Disable Chrome Plugin


  • There is a plugin in Chrome that need to be disabled, please follow the instructions below to disable it.
  • Start Chrome and type this into the address bar: chrome:plugins
  • This will display a page of all the installed plugins. Please disable the plugin in the list below by clicking the word Disable under it.
  • Ghost



Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {296528D4-2D04-48AD-8832-014B233B74C6}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...87FB596C6&SSPV=
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\ITS\AppData\Local\TNT2\2.0.0.1267\npTNT2ghost.dll (Search.Us.com)
FF - HKCU\Software\MozillaPlugins\@tnt2toolbar.com/Plugin: C:\Users\ITS\AppData\Local\TNT2\2.0.0.1267\npTNT2.dll (Search.Us.com)
O3 - HKLM\..\Toolbar: (no name) - {17222712-A673-4EA2-96B7-DABFF66C0068} - No CLSID value found
O3:HKU - HKU\S-1-5-21-1155743008-2449458158-1983807240-1001\..\Toolbar\WebBrowser: (m 7Zip.tv Search.us.com Toolbar) - {17222712-A673-4EA2-96B7-DABFF66C0068} - C:\Users\ITS\AppData\Local\TNT2\Profiles\10269\passport.dll (Search.Us.com)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O33 - MountPoints2\{4528f085-6639-11e2-893c-6c626d022b16}\Shell - "" = AutoRun
O33 - MountPoints2\{4528f085-6639-11e2-893c-6c626d022b16}\Shell\AutoRun\command - "" = F:\1.EXE
[2013/12/06 16:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/12/06 15:57:35 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Roaming\Systweak
[2013/12/06 15:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/06 15:55:23 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\NativeMessaging
[2013/12/06 15:55:20 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\Conduit
[2013/12/06 15:55:16 | 000,000,000 | ---D | C] -- C:\Users\ITS\AppData\Local\CRE
[2013/12/06 15:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/12/06 15:57:46 | 000,000,009 | ---- | M] () -- C:\end
[2012/12/14 16:00:14 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Babylon
[2012/12/14 13:14:21 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\GoforFiles
[2013/12/03 15:31:03 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\OpenCandy
[2012/12/12 10:43:02 | 000,000,000 | ---D | M] -- C:\Users\ITS\AppData\Roaming\Genieo
[2013/12/06 15:57:31 | 000,018,776 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe

:Files
C:\Users\ITS\AppData\Local\TNT2

:Commands
[emptytemp]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt


Step 5: Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Step 6: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button.
  • OTL will scan your machine and produce one log this time.
  • Please post that log in your next reply.



Things I need to see in your next post:

  • OTL Fix Log
  • AdwCleaner Log
  • Junkware Removal Tool Log
  • OTL Quick Scan Log

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP