Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Email login info taken from computer: malware reading from thunderbird

Started by Dryadsong , Mar 31 2014 07:18 PM

This topic is locked

#1
Dryadsong

Posted 31 March 2014 - 07:18 PM

Member

Member
21 posts

Hi there -- this weekend I apparently became a spammer, sending out thousands of spam emails and taking my own server down with all the "mail undeliverable" messages that came back. I got in touch with my host and they shared that it wasn't someone spoofing my address, it actually was being sent through the proper channels, so they suspected that I had a virus or malware that had gotten the information. Now, I use thunderbird as my mail client, and a week ago I had an odd "AVG cannot check the outgoing message for viruses because of the encoding" message that I'd never seen before or since, so that may or may not be related at all. Recent virus scans are all clean, both the one installed (AVG) and TrendMicro's housecall. Obviously there has got to be something, and my computer won't actually load geekstogo.com anymore so I'm using my husband's to post this. I'm not sure where to start. I am running Windows 7 64bit.

Oh, also, I've since changed all the passwords (on another computer) and won't be opening up Thunderbird on that computer at all until I know it's clean. Hopefully this sounds a little familiar to someone?

Here is the OTL information:

OTL logfile created on: 3/31/2014 10:36:20 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meagan\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 3.39 Gb Available Physical Memory | 42.40% Memory free

15.98 Gb Paging File | 11.42 Gb Available in Paging File | 71.44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 912.41 Gb Total Space | 486.08 Gb Free Space | 53.27% Space Free | Partition Type: NTFS

Drive E: | 149.04 Gb Total Space | 33.91 Gb Free Space | 22.75% Space Free | Partition Type: NTFS

Computer Name: MEAGAN-PC | User Name: Meagan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/31 22:35:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meagan\Desktop\OTL.exe

PRC - [2014/03/09 23:13:17 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe

PRC - [2014/02/15 14:36:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

PRC - [2013/11/20 02:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

PRC - [2013/10/23 18:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Meagan\AppData\Local\FluxSoftware\Flux\flux.exe

PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

PRC - [2013/07/02 11:19:30 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2013/01/10 17:05:20 | 000,533,288 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

PRC - [2013/01/10 15:12:18 | 000,444,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe

PRC - [2013/01/10 15:11:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2010/01/22 14:43:24 | 001,016,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

PRC - [2009/12/09 05:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe

PRC - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

PRC - [2009/07/06 17:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/09 23:13:17 | 016,265,096 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

MOD - [2014/02/15 14:36:38 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013/10/27 18:46:26 | 004,554,752 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

MOD - [2013/07/21 18:48:15 | 002,052,096 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2013/07/21 18:48:15 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2013/04/15 18:56:17 | 001,253,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

MOD - [2013/04/15 18:56:16 | 005,283,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

MOD - [2013/04/15 18:56:15 | 004,218,880 | ---- | M] () -- C:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

MOD - [2012/12/12 01:32:26 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2012/10/05 06:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2012/10/05 06:53:24 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/11/04 21:58:10 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2010/11/04 21:57:46 | 000,610,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

MOD - [2009/09/02 13:28:56 | 000,175,616 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL

MOD - [2009/06/10 17:22:40 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

MOD - [2009/06/10 17:14:46 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

MOD - [2009/06/10 17:14:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

MOD - [2009/06/10 17:14:43 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/10/16 08:35:35 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2011/07/07 23:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)

SRV - [2014/03/16 09:54:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)

SRV - [2014/03/16 09:54:56 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)

SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)

SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)

SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)

SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)

SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)

SRV - [2014/02/15 14:36:38 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2013/07/02 11:19:30 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2013/01/10 17:05:20 | 000,533,288 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)

SRV - [2013/01/10 15:45:56 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)

SRV - [2013/01/10 15:12:18 | 000,444,712 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)

SRV - [2013/01/10 15:11:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)

SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)

SRV - [2011/08/02 18:51:59 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/07/27 07:22:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/07/27 07:22:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2010/04/21 03:37:55 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)

SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/12/09 05:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)

SRV - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/25 02:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/10/23 02:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/09/02 03:58:39 | 000,175,528 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)

DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)

DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)

DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)

DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)

DRV:64bit: - [2013/01/10 15:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

DRV:64bit: - [2013/01/10 15:33:50 | 000,042,696 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/07/08 00:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/07/07 22:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009/09/29 21:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2007/02/03 11:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2007/02/03 11:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...f5v105k45l1r402

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACGW_enCA407

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/10 10:24:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/15 14:36:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/15 14:36:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/19 11:16:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/03/19 11:16:45 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/15 14:36:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/15 14:36:36 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/19 11:16:44 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/03/19 11:16:45 | 000,000,000 | ---D | M]

[2011/03/21 18:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\Extensions

[2010/11/26 00:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/03/21 18:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\Extensions\[email protected]

[2014/03/21 09:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\n0yvquwz.default-1384014371922\extensions

[2010/11/26 00:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\dzafh970.default\extensions

[2010/11/26 00:22:11 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Meagan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\dzafh970.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}

[2010/11/26 00:22:11 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Meagan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\dzafh970.default\extensions\[email protected]

[2014/02/15 14:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2014/02/15 14:36:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2014/02/15 14:36:35 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

[2014/02/15 14:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/02/15 14:36:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2014/03/28 22:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions

[2014/03/28 22:39:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2014/03/28 22:39:48 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]

[2014/03/28 22:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions

[2014/03/28 22:39:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll

[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - Extension: YouTube = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: AVG Safe Search = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/03/19 12:20:55 | 000,001,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 www.adobeereg.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 125.252.224.90

O1 - Hosts: 127.0.0.1 125.252.224.91

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [Wambo] C:\Program Files (x86)\Wambo.com Swapper\Swapper.exe -auto File not found

O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKCU..\Run: [f.lux] C:\Users\Meagan\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)

O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe (Adobe Systems Incorporated)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.3.13.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.248.154.22 206.248.154.170

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29784DA4-738D-4A60-82ED-CD66C22DB88D}: DhcpNameServer = 206.248.154.22 206.248.154.170

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A437DBD0-5E42-4779-B414-5B4187C60B97}: DhcpNameServer = 8.8.8.8

O18:64bit: - Protocol\Handler\belarc - No CLSID value found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/07/19 02:42:42 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{50a35f2c-f65d-11e0-af66-4487fca83711}\Shell - "" = AutoRun

O33 - MountPoints2\{50a35f2c-f65d-11e0-af66-4487fca83711}\Shell\AutoRun\command - "" = K:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/31 22:35:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meagan\Desktop\OTL.exe

[2014/03/21 21:33:34 | 000,000,000 | ---D | C] -- C:\v2d

[2014/03/21 21:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MKV Video2Dvd

[2014/03/21 21:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free MKV Video2Dvd

[2014/03/20 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Meagan\Downton Abbey 3b

[2014/03/19 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Meagan\AppData\Local\Cyberlink

[2014/03/19 23:35:40 | 000,000,000 | ---D | C] -- C:\Users\Meagan\Documents\CyberLink

[2014/03/19 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\Meagan\AppData\Roaming\CyberLink

[2014/03/19 23:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink

[2014/03/19 23:26:36 | 000,000,000 | ---D | C] -- C:\Users\Meagan\AppData\Roaming\ImgBurn

[2014/03/19 23:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2014/03/19 23:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn

[2014/03/19 21:25:44 | 000,000,000 | ---D | C] -- C:\Users\Meagan\Downton Abbey 3a

[2014/03/19 11:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2014/03/15 19:56:14 | 000,175,528 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysNative\drivers\tmcomm.sys

[2014/03/04 04:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2014/03/04 04:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2014/03/31 22:35:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meagan\Desktop\OTL.exe

[2014/03/31 22:03:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/03/31 20:27:00 | 000,000,512 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task a4e78dc2-fe3a-4d0b-8d79-9af71cc45314.job

[2014/03/31 07:03:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/03/31 01:30:00 | 000,000,512 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 913c3be2-b810-49a5-b4aa-b10216eeee57.job

[2014/03/29 08:58:41 | 003,547,250 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2014/03/29 08:58:41 | 001,101,330 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2014/03/29 08:58:41 | 000,006,376 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2014/03/20 19:44:36 | 000,002,114 | ---- | M] () -- C:\Users\Meagan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

[2014/03/19 23:16:55 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2014/03/16 10:14:14 | 001,496,480 | ---- | M] () -- C:\Users\Meagan\AppData\Local\census.cache

[2014/03/16 10:13:44 | 000,123,948 | ---- | M] () -- C:\Users\Meagan\AppData\Local\ars.cache

[2014/03/16 09:54:59 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\taskhost.exe

[2014/03/16 09:54:59 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\dwm.exe

[2014/03/16 09:54:59 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\atieclxx.exe

[2014/03/16 09:54:58 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\WUDFHost.exe

[2014/03/16 09:54:58 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\spoolsv.exe

[2014/03/16 09:54:56 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\atiesrxx.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\winlogon.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\smss.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\services.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\lsm.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\lsass.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\csrss.exe

[2014/03/16 09:47:47 | 000,000,010 | ---- | M] () -- C:\Users\Meagan\AppData\Local\sponge.last.runtime.cache

[2014/03/15 20:14:25 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atiuxpag.dll

[2014/03/15 20:14:25 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atidxx32.dll

[2014/03/15 20:14:23 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atiumdva.dll

[2014/03/15 20:14:23 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atiumdag.dll

[2014/03/15 20:14:23 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atiu9pag.dll

[2014/03/15 20:14:23 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\aticfx32.dll

[2014/03/13 20:21:53 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/03/13 20:21:53 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/03/12 03:27:27 | 005,018,312 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2014/03/12 03:26:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2014/03/12 03:24:49 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys

[2014/03/09 23:18:27 | 000,002,048 | ---- | M] () -- C:\Users\Meagan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2014/03/05 20:15:46 | 000,251,867 | ---- | M] () -- C:\Users\Meagan\Desktop\Funny_Thing_Forum_Tickets.pdf

========== Files Created - No Company Name ==========

[2014/03/19 23:16:55 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk

[2014/03/19 23:16:55 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2014/03/16 09:54:59 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\taskhost.exe

[2014/03/16 09:54:59 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dwm.exe

[2014/03/16 09:54:59 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\atieclxx.exe

[2014/03/16 09:54:58 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\WUDFHost.exe

[2014/03/16 09:54:58 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\spoolsv.exe

[2014/03/16 09:54:56 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\atiesrxx.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\winlogon.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\smss.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\services.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\lsm.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\lsass.exe

[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\csrss.exe

[2014/03/15 20:14:25 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atiuxpag.dll

[2014/03/15 20:14:25 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atidxx32.dll

[2014/03/15 20:14:23 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atiumdva.dll

[2014/03/15 20:14:23 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atiumdag.dll

[2014/03/15 20:14:23 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atiu9pag.dll

[2014/03/15 20:14:23 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\aticfx32.dll

[2014/03/15 19:59:24 | 000,000,010 | ---- | C] () -- C:\Users\Meagan\AppData\Local\sponge.last.runtime.cache

[2014/03/05 20:15:46 | 000,251,867 | ---- | C] () -- C:\Users\Meagan\Desktop\Funny_Thing_Forum_Tickets.pdf

[2012/11/29 07:43:31 | 000,007,606 | ---- | C] () -- C:\Users\Meagan\AppData\Local\Resmon.ResmonCfg

[2012/10/24 20:56:57 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll

[2012/10/24 20:56:57 | 000,002,399 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini

[2012/05/28 23:51:54 | 001,496,480 | ---- | C] () -- C:\Users\Meagan\AppData\Local\census.cache

[2012/05/28 23:51:46 | 000,123,948 | ---- | C] () -- C:\Users\Meagan\AppData\Local\ars.cache

[2012/05/28 23:44:13 | 000,000,036 | ---- | C] () -- C:\Users\Meagan\AppData\Local\housecall.guid.cache

[2011/10/20 19:41:02 | 000,006,966 | ---- | C] () -- C:\ProgramData\DYNAMiCS.nfo

[2011/10/20 19:40:53 | 000,006,966 | ---- | C] () -- C:\Program Files\DYNAMiCS.nfo

[2011/06/20 19:41:41 | 000,001,456 | ---- | C] () -- C:\Users\Meagan\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/11/27 14:02:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/11/26 07:26:53 | 000,000,094 | ---- | C] () -- C:\Users\Meagan\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/26 23:00:31 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Atari

[2012/12/14 00:06:30 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\AVG2013

[2010/12/06 11:34:44 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\BitZipper

[2013/01/10 00:57:15 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\calibre

[2011/06/20 21:54:54 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/12/27 13:10:11 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1

[2011/10/21 20:15:55 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Garritan

[2011/03/28 20:38:27 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\ICAClient

[2014/03/19 23:37:50 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\ImgBurn

[2011/10/21 20:15:47 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\MakeMusic

[2013/12/21 21:14:02 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\MP3Rocket

[2010/11/25 23:42:14 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Notepad++

[2012/10/16 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Origin

[2011/01/13 23:20:26 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\pdftoepub

[2011/10/21 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Plogue

[2012/04/30 21:18:36 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Sony

[2010/11/26 00:34:59 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Thunderbird

[2011/03/21 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\TomTom

[2013/02/03 02:12:35 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\TS3Client

[2013/02/03 00:23:55 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\ts3overlay

[2012/12/13 23:33:02 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\TuneUp Software

[2014/03/29 08:56:46 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\uTorrent

[2013/02/03 02:12:46 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\VASSAL

[2012/08/12 16:23:49 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\WorksImaging

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 953 bytes -> C:\Users\Meagan\Desktop\Origin – Order confirmation for order #15858128223.eml:OECustomProperty

@Alternate Data Stream - 937 bytes -> C:\Users\Meagan\Desktop\Your Amazon.com Kindle e-book order confirmation..eml:OECustomProperty

< End of report >

It also saved this file:

OTL Extras logfile created on: 3/31/2014 10:36:20 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meagan\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 3.39 Gb Available Physical Memory | 42.40% Memory free

15.98 Gb Paging File | 11.42 Gb Available in Paging File | 71.44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 912.41 Gb Total Space | 486.08 Gb Free Space | 53.27% Space Free | Partition Type: NTFS

Drive E: | 149.04 Gb Total Space | 33.91 Gb Free Space | 22.75% Space Free | Partition Type: NTFS

Computer Name: MEAGAN-PC | User Name: Meagan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05B1765C-9E57-4601-9A23-28BF68B53853}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2B0F5485-FAD3-4414-9AC2-727E611BDCAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2E53EF41-E97C-4BCE-B54D-5C5B15C5F9F6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{3223A0D8-E009-4268-AF32-AEA2FBCB582E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5159640B-7E59-488D-915D-AD63BE031EC0}" = lport=137 | protocol=17 | dir=in | app=system |

"{5C44A883-7A14-4353-9CD4-B9A1D614FB8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5D36805A-CB62-4011-AB3E-E4FD14AA4AF3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{60105AC4-40FF-4073-9E8F-CBD12170E305}" = lport=2869 | protocol=6 | dir=in | app=system |

"{61435DA1-F59E-4AC8-A492-9B2A3C7A8060}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{688AB610-5A75-4D13-90D7-818DCC8FE5C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6C1FE963-DCB2-4A2E-A719-1CF9C0E74365}" = rport=10243 | protocol=6 | dir=out | app=system |

"{6FCF43C8-32E9-457D-9BEF-D7114CEDB8FB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{76ECD53E-71AA-4C23-B0D2-C404EDA63835}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{774C4DE8-7E24-46BE-A123-661466C9A22B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{83ABCBCD-DFA0-40A6-94FF-01A24CB57ED3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{844F276C-37EB-442B-BB33-2441CF57D0DE}" = lport=139 | protocol=6 | dir=in | app=system |

"{8DC6271C-0E87-4063-B9F9-570A29C9F83F}" = lport=138 | protocol=17 | dir=in | app=system |

"{A12CC99A-2688-43A0-9B11-DDAEF1F07687}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A1FFE026-3845-4D70-9E1C-C98856480FE8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{A42EC31A-C765-4B1D-BE97-A98CED89021A}" = rport=445 | protocol=6 | dir=out | app=system |

"{A56A05B4-7722-4BF7-B1F4-CC767F3A45B0}" = rport=137 | protocol=17 | dir=out | app=system |

"{AE1F0FCD-9926-4344-B0E0-1F4E4B16234D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B2D96113-1527-4B14-8AA3-50E6E1D177CC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{B3E4D205-8459-41AD-A794-3C11C8775B21}" = lport=10243 | protocol=6 | dir=in | app=system |

"{BDE17EB6-DB9E-4B96-8B2C-DA88556046C7}" = rport=138 | protocol=17 | dir=out | app=system |

"{C165CA59-481E-434F-9CEB-0F32B1C893BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C1ECD6A5-395E-4EEE-B6DD-4EB5ED4F418D}" = rport=139 | protocol=6 | dir=out | app=system |

"{C4DF993B-6AA0-4A23-B304-A6C25893E876}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03ED7DD3-9B66-4C0E-B5B3-81BC8CE15DEA}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

"{04B41ECF-6965-4D9E-8FD1-C7B1820F81C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{04CE565B-A8A5-4445-A3EE-D30D21D34CB8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{0672E811-8701-4AE8-9DFC-F72C210BE7C8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{09766D29-D705-4EF6-A35F-C36EBF291C5E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{0B72DA93-186C-4D23-A73A-9B5E8A812816}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

"{1BAB5660-43C5-4E58-A17B-7DB3D173B3E0}" = protocol=58 | dir=out | [email protected],-28546 |

"{1E4B8435-8910-4963-9251-6EBE3AF5290E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{1F69C101-39BF-4BC5-8A34-415422C29000}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2069D96B-6A31-4573-B208-0E5317592193}" = protocol=1 | dir=out | [email protected],-28544 |

"{255232B8-1AA2-45A6-A07B-91569E50C63A}" = protocol=6 | dir=in | app=c:\users\meagan\downloads\utorrent(2).exe |

"{260BFBF7-F8FD-48F4-99B7-8FBA6D98E32C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{2AE15A7B-341F-4798-AAF9-FD697816A855}" = protocol=6 | dir=in | app=c:\users\meagan\appdata\roaming\utorrent\utorrent.exe |

"{2D7D15D2-31E7-45FE-8E19-C00BBF4FEC71}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{336B9D71-2439-4BE9-96E5-CA05CEC29997}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{34D1BD8E-6B2F-4B82-B037-B228F1265955}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{38B44623-BB67-405A-B878-07A4BF7C676B}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

"{3C558B4A-FB59-4578-B451-DBD3DF839571}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{3D5ADBB8-609C-4AFD-8876-094E7840C803}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{400E88E2-05ED-47D4-8CE2-743ABF86A8FC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{408B0314-B9B3-44FA-8ED7-C2A5D8E79A61}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{48451F39-5D3E-4B11-891B-45603A1EB8A5}" = protocol=17 | dir=in | app=c:\users\meagan\appdata\roaming\utorrent\utorrent.exe |

"{4AEF6A39-8370-427B-956D-F81A26F59527}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5396B27A-637E-4F04-8D77-CF3E8DF4D002}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{58C52407-3C9C-4D40-865D-95EAF33D6101}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{5AA428FA-C00B-4356-B9DA-ED48D03A9F8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5BCD0CB2-B4B5-4485-9C22-61FB3C8FF801}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{611C2FB9-7874-4DED-9D0F-27B73B778E36}" = protocol=17 | dir=in | app=c:\users\meagan\appdata\roaming\utorrent\utorrent.exe |

"{64262950-7B33-4919-A77D-F9E5FAACDBE4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{65500E4A-05C7-4601-A2A8-90E3E9212C9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6823BBA0-8FE5-419B-8B7B-9455202F82F6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{7F5B7EB9-DAAA-4DD4-BDCC-A4EDA004C58E}" = protocol=6 | dir=out | app=system |

"{82D96B09-0607-4EA8-81B7-1033D02D76E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{83279737-29B8-469B-A0D1-AFED7C930A99}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{83410104-58FB-4FEE-A106-DD602FC1257F}" = protocol=6 | dir=in | app=c:\users\meagan\appdata\roaming\utorrent\utorrent.exe |

"{8AB5CCF2-11B5-47BB-8478-8EE8938B87E5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{8D780F70-4FE5-4442-9004-B94A484A74B9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{92F09BA5-5C59-47B4-9EDE-293C706DFF24}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{963400DD-3AF7-4BBC-896C-8A17B02C6B2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{963F1639-5C6D-473E-8AD5-88AC97ADB0E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{98126CE1-A8D0-4E16-8C8F-9B36FF4863C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9A2AD518-3B7C-4465-8A81-390EC8DD112D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9CF0E94A-0961-4962-A239-B11F548F45CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{A4FAB68E-609E-4B5B-B0A9-7B09E6559D7B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{AE2E561A-7986-47D9-98E7-46989948CD98}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{B5EB2D20-3C33-4A36-85C3-EBD27A5E5426}" = protocol=58 | dir=in | [email protected],-28545 |

"{B811749D-87F9-4CB8-8AC6-681E0A6D0C03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{BEAF70B4-53E2-4C9B-8DB7-C7D1FA8330A2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{C08D4A9E-7484-4A08-9EAF-CC30E7A3EECC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CA39B4BA-C2D1-4070-BE19-4181798D0731}" = protocol=17 | dir=in | app=c:\users\meagan\downloads\utorrent(2).exe |

"{CC28C67D-60F1-47DB-ACC8-EB007B8A7110}" = protocol=6 | dir=in | app=c:\program files (x86)\wambo.com swapper\swapper.exe |

"{D46BD723-5A71-47AD-A935-E66ECECED89F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{D48373DC-1A7D-495F-90C4-D5E9AA6C2B85}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{DEE064D0-AEAF-4567-8C37-7E2AAF394DDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E3A04B5B-77D3-44D4-9102-206F07F82B74}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E6720DBE-239B-413D-99A7-66C2C86AE93F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{E8D80877-8A8C-4633-A15B-DB0D67138050}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{ED6D2ED3-DDC0-429C-960E-EBC87201FCEC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{F29FA857-03DE-4695-BD57-C0B123DE271E}" = protocol=17 | dir=in | app=c:\program files (x86)\wambo.com swapper\swapper.exe |

"{F34F72BE-F644-40BC-9584-09E65D718B18}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{F55BA4AB-72BF-4545-B0B6-6EC4F9D41309}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{F6A2FF03-3F6D-4CDB-9EFA-FA199CCAFCEA}" = protocol=1 | dir=in | [email protected],-28543 |

"{F7553B56-E571-478E-9246-B505817FC8AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F8381FE4-475F-4326-8846-35C4B2424506}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{F854C622-6B8D-4889-9F2A-FCB0D533F6CB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"TCP Query User{26E089D8-261E-4520-A75D-6608BB6404DB}C:\users\meagan\downloads\utorrent(1).exe" = protocol=6 | dir=in | app=c:\users\meagan\downloads\utorrent(1).exe |

"TCP Query User{6467FCE7-84A9-4EB1-A2B7-137E813012BA}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"TCP Query User{BF875533-F746-43CA-A840-ED1B1562E651}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"TCP Query User{D793BF8D-353C-4CA1-9CF5-E297158B7171}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{E45CF560-6008-409D-B518-E8590AE3533F}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |

"UDP Query User{2F823F87-C273-42B4-A71E-4F8854735EF4}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"UDP Query User{504A4CF4-EDB1-4941-9C7D-8AB18CBE3E1E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{615EF584-B95A-41DD-9221-8587369E8DC1}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |

"UDP Query User{8B42588C-B516-4DE4-BFA3-8BB8BF9C4477}C:\users\meagan\downloads\utorrent(1).exe" = protocol=17 | dir=in | app=c:\users\meagan\downloads\utorrent(1).exe |

"UDP Query User{9D075554-DBED-42FF-91E9-2D25F5A89B22}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"__ARIA_1012___is1" = Garritan ARIA Player v1.02

"__ARIA_1013___is1" = Garritan Instruments for Finale

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5F3E04B1-390D-35F3-4C08-D82C7FB95AE5}" = ccc-utility64

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.4.3

"{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}" = PDFill FREE PDF Tools

"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{AB3AFCA5-A2BB-4F31-8FEC-0295DB7BF928}" = AVG 2013

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{EF13DB20-03BE-4EDD-9C48-05ED03E3E852}" = AVG 2013

"ARIA Engine_is1" = ARIA Engine v1.0.9.8

"AVG" = AVG 2013

"VASSAL (3.2.2)" = VASSAL (3.2.2)

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033063B9-94AF-DC7C-95D3-35F641D8AEBE}" = CCC Help English

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{171D318E-31FD-954F-0C3E-21EB06C0E899}" = CCC Help Russian

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1C45BA84-9713-4067-A029-6A5D96D01977}" = EasyInfo

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{20460018-6444-825B-4EBA-40D8DD30F12C}" = CCC Help Danish

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2893F5FD-0C0E-0B0F-3C70-C141539174B8}" = CCC Help Czech

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{362E1FE9-1FF7-EE96-E7FF-D5E661173FFB}" = Catalyst Control Center Graphics Full Existing

"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime

"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{414c3ef3-4c66-4921-bec2-75c1ad824efa}" = Staples Copy & Print Online

"{440D3BE4-EC27-5F34-DB56-A76E7EDF8BB1}" = CCC Help Finnish

"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel

"{4CAFDDA4-65ED-F56B-CFC2-849E958AE6B1}" = CCC Help Korean

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{4DA5BB7E-9CB8-5E01-7F96-46F1EE2F2D4F}" = CCC Help Chinese Standard

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11

"{4FFBF030-A72F-B9FD-B944-B7850BEBE80C}" = CCC Help Swedish

"{542A08AB-AFD4-B5A4-9780-A8507A738F7F}" = CCC Help Chinese Traditional

"{5433D947-A97A-25D5-A84E-A5171D2B8D6A}" = CCC Help Hungarian

"{545E8571-FAB5-5BFC-1B70-A6A8E4ACA298}" = CCC Help Thai

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57020886-809C-746B-2303-8030A84A0EB8}" = CCC Help Turkish

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{5F7E6484-A2FB-778D-431D-D181C55C3F1C}" = CCC Help German

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6D441C98-EB46-D873-66A0-3FA448B8AD08}" = CCC Help Japanese

"{6DC5AFA1-10F0-D421-2147-C426D554F286}" = Catalyst Control Center Graphics Full New

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff

"{722EB9DF-A9EF-129D-816F-C6F17769EDAA}" = CCC Help Italian

"{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1" = Photo Frame

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79437AE7-3196-2C0C-0AF6-90B2AF22D8DA}" = CCC Help Greek

"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff

"{7DF0573D-A96F-9133-2454-D80A62F9FA77}" = CCC Help Polish

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.104.12040

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{8295C50D-F52A-E4E1-4230-C4110980C3A0}" = CCC Help Norwegian

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8A227815-272D-A304-015F-DA71AABADE0A}" = Catalyst Control Center Localization All

"{8AAE1CA8-68A1-15F7-DCCD-311F3435EFC4}" = Catalyst Control Center Core Implementation

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions

"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{93BC4791-8EC4-363C-1274-4F1F8FB03F2B}" = Catalyst Control Center Graphics Previews Vista

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{98B88424-054D-4866-8EC1-513616801BAE}" = calibre

"{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C984E3E-9B9B-CBCC-326D-A63CCE560C0C}" = Catalyst Control Center Graphics Light

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)

"{AFE5FFBC-CE6D-F6BE-7EAA-AA2760E75E03}" = CCC Help Spanish

"{b0941905-5fb6-42ad-9804-609e3ae602c6}" = Nero 9 Essentials

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural

"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C0C6AD06-71E3-934A-8232-4487B751177F}" = CCC Help Dutch

"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets

"{C5634562-6215-543B-3E86-0CF513706972}" = CCC Help French

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{CA8B0FB9-69D0-4B50-8342-7CF0C96F10E6}" = Black's Digital Solution Studio

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1F5C7EE-23BB-47A3-943E-9F290DD267F0}" = THX TruStudio PC

"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter

"{F4719A65-7FF1-6146-BCC3-419662516FCF}" = ccc-core-static

"{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy

"{F7E1DE82-3E2A-924C-35F7-351C0B631A9A}" = Pixtorio Viewer

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FC541630-B9CF-7783-3D1C-7CE1094BDD97}" = CCC Help Portuguese

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.04.8007

"AC3Filter" = AC3Filter (remove only)

"Adobe AIR" = Adobe AIR

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 12.0

"Belarc Advisor" = Belarc Advisor 8.2

"BitZipper_is1" = BitZipper 2010

"CameraUserGuide-PSSX130IS" = Canon PowerShot SX130 IS Camera User Guide

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1" = Pixtorio Viewer

"DivX Setup" = DivX Setup

"DVD Flick_is1" = DVD Flick 1.3.0.7

"Eschalon Book I_is1" = Eschalon Book 1 v1.042

"Finale 2011" = Finale 2011

"Free MKV Video2Dvd 3.30_is1" = Free MKV Video2Dvd 3.30

"FrostWire 5" = FrostWire 5.0.7

"Gateway InfoCentre" = Gateway InfoCentre

"Gateway Registration" = Gateway Registration

"Gateway Screensaver" = Gateway ScreenSaver

"Gateway Welcome Center" = Welcome Center

"Google Chrome" = Google Chrome

"HotspotShield" = Hotspot Shield 2.83

"Identity Card" = Identity Card

"ImgBurn" = ImgBurn

"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)

"Mozilla Thunderbird 24.4.0 (x86 en-US)" = Mozilla Thunderbird 24.4.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP3 Rocket" = MP3 Rocket

"MyCamera" = Canon Utilities MyCamera

"Notepad++" = Notepad++

"Office14.PUBLISHERR" = Microsoft Publisher 2010

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Origin" = Origin

"PDFtoEPUB" = PDFtoEPUB

"Personal Printing Guide" = Canon Personal Printing Guide

"PhotoStitch" = Canon Utilities PhotoStitch

"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"VASSAL (3.1.15)" = VASSAL (3.1.15)

"VirtualCloneDrive" = VirtualCloneDrive

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WTA-5564477e-e63e-4540-ae5a-4db1aaf49516" = RollerCoaster Tycoon 3: Platinum

"Xvid_is1" = Xvid 1.2.2 final uninstall

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Flux" = f.lux

"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/13/2013 9:11:34 AM | Computer Name = Meagan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = The performance strings in the Performance registry value is corrupted

when process Performance extension counter provider. The BaseIndex value from the

Performance registry is the first DWORD in the Data section, LastCounter value

is the second DWORD in the Data section, and LastHelp value is the third DWORD in

the Data section.

Error - 12/13/2013 9:11:34 AM | Computer Name = Meagan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

failed. The first DWORD in the Data section contains the error code.

Error - 12/15/2013 4:29:20 AM | Computer Name = Meagan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = The performance strings in the Performance registry value is corrupted

when process Performance extension counter provider. The BaseIndex value from the

Performance registry is the first DWORD in the Data section, LastCounter value

is the second DWORD in the Data section, and LastHelp value is the third DWORD in

the Data section.

Error - 12/15/2013 4:29:20 AM | Computer Name = Meagan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

failed. The first DWORD in the Data section contains the error code.

Error - 12/16/2013 4:24:25 AM | Computer Name = Meagan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = The performance strings in the Performance registry value is corrupted

when process Performance extension counter provider. The BaseIndex value from the

Performance registry is the first DWORD in the Data section, LastCounter value

is the second DWORD in the Data section, and LastHelp value is the third DWORD in

the Data section.

Error - 12/16/2013 4:24:25 AM | Computer Name = Meagan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

failed. The first DWORD in the Data section contains the error code.

Error - 12/22/2013 7:36:59 PM | Computer Name = Meagan-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Photoshop.exe, version: 12.0.0.0, time

stamp: 0x4bbc5b10 Faulting module name: Photoshop.exe, version: 12.0.0.0, time stamp:

0x4bbc5b10 Exception code: 0xc0000005 Fault offset: 0x0000000001094aa7 Faulting process

id: 0x2050 Faulting application start time: 0x01ceff6e2cd43f4e Faulting application

path: C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe Faulting

module path: C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe Report

Id: f2fcbf02-6b61-11e3-b2ff-4487fca83711

Error - 1/4/2014 1:20:59 AM | Computer Name = Meagan-PC | Source = Application Error | ID = 1000

Description = Faulting application name: lotroclient.exe, version: 1201.54.1950.4009,

time stamp: 0x52a7c664 Faulting module name: D3D11GraphicsCore.dll, version: 1.1.12.0,

time stamp: 0x5279473b Exception code: 0xc0000005 Fault offset: 0x0000a2eb Faulting

process id: 0x1c80 Faulting application start time: 0x01cf08e8c9fa2d07 Faulting application

path: C:\Program Files (x86)\Turbine\The Lord of the Rings Online\lotroclient.exe

Faulting

module path: C:\Program Files (x86)\Turbine\The Lord of the Rings Online\D3D11GraphicsCore.dll

Report

Id: fe76d2da-74ff-11e3-b2ff-4487fca83711

Error - 1/8/2014 11:57:41 PM | Computer Name = Meagan-PC | Source = Software Protection Platform Service | ID = 8211

Description = Update Windows license and product key tokens failed with 0x80070005.

Error - 1/9/2014 12:24:41 AM | Computer Name = Meagan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = The performance strings in the Performance registry value is corrupted

when process Performance extension counter provider. The BaseIndex value from the

Performance registry is the first DWORD in the Data section, LastCounter value

is the second DWORD in the Data section, and LastHelp value is the third DWORD in

the Data section.

Error - 1/9/2014 12:24:41 AM | Computer Name = Meagan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

failed. The first DWORD in the Data section contains the error code.

[ Media Center Events ]

Error - 12/27/2010 3:07:40 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 2:07:40 AM - Error connecting to the internet. 2:07:40 AM - Unable

to contact server..

Error - 12/27/2010 3:08:09 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 2:08:09 AM - Error connecting to the internet. 2:08:09 AM - Unable

to contact server..

Error - 12/27/2010 4:08:55 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 3:08:55 AM - Error connecting to the internet. 3:08:55 AM - Unable

to contact server..

Error - 12/27/2010 4:09:24 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 3:09:24 AM - Error connecting to the internet. 3:09:24 AM - Unable

to contact server..

Error - 12/27/2010 5:10:34 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 4:10:34 AM - Error connecting to the internet. 4:10:34 AM - Unable

to contact server..

Error - 12/27/2010 5:11:04 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 4:11:03 AM - Error connecting to the internet. 4:11:03 AM - Unable

to contact server..

Error - 12/27/2010 6:11:11 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 5:11:11 AM - Error connecting to the internet. 5:11:11 AM - Unable

to contact server..

Error - 12/27/2010 6:11:17 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 5:11:16 AM - Error connecting to the internet. 5:11:16 AM - Unable

to contact server..

Error - 12/27/2010 7:11:30 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 6:11:30 AM - Error connecting to the internet. 6:11:30 AM - Unable

to contact server..

Error - 12/27/2010 7:11:35 AM | Computer Name = Meagan-PC | Source = MCUpdate | ID = 0

Description = 6:11:35 AM - Error connecting to the internet. 6:11:35 AM - Unable

to contact server..

[ System Events ]

Error - 2/13/2014 4:36:49 AM | Computer Name = Meagan-PC | Source = Service Control Manager | ID = 7006

Description =

Error - 2/13/2014 4:40:51 AM | Computer Name = Meagan-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 2/13/2014 4:40:51 AM | Computer Name = Meagan-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/18/2014 10:31:42 AM | Computer Name = Meagan-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk7\DR9.

Error - 3/9/2014 11:07:22 PM | Computer Name = Meagan-PC | Source = DCOM | ID = 10010

Description =

Error - 3/9/2014 11:07:26 PM | Computer Name = Meagan-PC | Source = Service Control Manager | ID = 7006

Description =

Error - 3/9/2014 11:13:49 PM | Computer Name = Meagan-PC | Source = DCOM | ID = 10010

Description =

Error - 3/9/2014 11:13:52 PM | Computer Name = Meagan-PC | Source = Service Control Manager | ID = 7006

Description =

Error - 3/12/2014 3:23:33 AM | Computer Name = Meagan-PC | Source = DCOM | ID = 10010

Description =

Error - 3/12/2014 3:23:47 AM | Computer Name = Meagan-PC | Source = Service Control Manager | ID = 7006

Description =

< End of report >

Edited by Dryadsong, 01 April 2014 - 06:41 AM.

#2
Dryadsong

Posted 31 March 2014 - 09:13 PM

Member

Topic Starter
Member
21 posts

(ignore this - pasted the second report up above and can't figure out how to delete this reply)

Edited by Dryadsong, 01 April 2014 - 06:43 AM.

#3
Render

Posted 01 April 2014 - 10:40 AM

Trusted Helper

Malware Removal
4,195 posts

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
Please reply within 3 days to be fair to other people asking for help.
Please tell me if you have your original Windows CD/DVD available
When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Please download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it.
When asked if you want to download Avast's virus definitions please select Yes.
Note: If avast! antivirus is already installed, just do the next step.
Click the Scan button to start scan.
On completion of the scan click Save log, save it to your desktop and post in your next reply.
Also on Desktop there should be a file called MBR.dat after that. Please attach it here.

How to add an attachment to a new topic or reply

#4
Dryadsong

Posted 01 April 2014 - 07:27 PM

Member

Topic Starter
Member
21 posts

Here you are:

Run date: 2014-04-01 19:26:37

-----------------------------

19:26:37.933 OS Version: Windows x64 6.1.7601 Service Pack 1

19:26:37.933 Number of processors: 8 586 0x1E05

19:26:37.933 ComputerName: MEAGAN-PC UserName: Meagan

19:26:39.206 Initialize success

19:28:01.945 AVAST engine defs: 14040101

19:29:01.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

19:29:01.662 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3

19:29:01.662 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

19:29:01.677 Disk 1 Vendor: ST316081 3.AA Size: 152627MB BusType: 3

19:29:01.771 Disk 0 MBR read successfully

19:29:01.787 Disk 0 MBR scan

19:29:01.787 Disk 0 unknown MBR code

19:29:01.787 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 19456 MB offset 2048

19:29:01.818 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 39847936

19:29:01.833 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 934311 MB offset 40052736

19:29:01.865 Disk 0 scanning C:\windows\system32\drivers

19:29:11.568 Service scanning

19:29:30.210 Modules scanning

19:29:30.725 Disk 0 trace - called modules:

19:29:30.740 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

19:29:30.756 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007de7790]

19:29:30.756 3 CLASSPNP.SYS[fffff88001b9c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b12050]

19:29:33.533 AVAST engine scan C:\windows

19:29:37.620 AVAST engine scan C:\windows\system32

19:33:19.949 AVAST engine scan C:\windows\system32\drivers

19:33:42.288 AVAST engine scan C:\Users\Meagan

20:02:23.306 AVAST engine scan C:\ProgramData

20:05:45.407 Scan finished successfully

21:24:58.925 Disk 0 MBR has been saved successfully to "C:\Users\Meagan\Desktop\Shared Removal\MBR.dat"

21:24:58.940 The log file has been saved successfully to "C:\Users\Meagan\Desktop\Shared Removal\aswMBR.txt"

Attached Files

MBR.dat 512bytes 253 downloads

#5
Render

Posted 02 April 2014 - 03:31 AM

Trusted Helper

Malware Removal
4,195 posts

Hi,

Please open Thunderbird and look into your Sent folder. Are there messages that you did not send? Are they being sent to your contacts (people in your address book)?

#6
Dryadsong

Posted 02 April 2014 - 06:58 AM

Member

Topic Starter
Member
21 posts

Hi there -- no, my Thunderbird folder looks right. My hosting company did send me a log that proved that they were using my email login information, though; did you want that? My personal computer is the only place I ever enter that information into, so I'm quite sure that if there is malware involved, that's where it'll be. The recipients, based on the hundreds upon hundreds of "mail cannot be delivered to sender" messages, were the usual random emails that spammers try to get a hit on. They weren't accessing my contacts.

#7
Render

Posted 02 April 2014 - 07:44 AM

Trusted Helper

Malware Removal
4,195 posts

OK. It looks like you are (or precisely, your e-mail address is) victim of so called e-mail spoofing. You actually can't do anything about this. For security measures it is recommended to change password on that e-mail account and also all passwords on accounts you registered using that e-mail. You can read more about this HERE.

To be sure we will continue with some scans, so please follow the the steps bellow:

Please download Malwarebytes Anti-Malwareto your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop.
Post that log.

#8
Dryadsong

Posted 02 April 2014 - 06:07 PM

Member

Topic Starter
Member
21 posts

Hello! First, the reason I think it's not spoofing is because when I contacted my hosting company, they said this:

Hi,

Unfortunately, those are not spoofed mails - but it was sent from your email account itself. Or in other words, the password of the email was compromised and spammers abused it. Here is the logs;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2014-03-30 15:50:12 1WULkA-0005Px-Vp < = [my email removed] H=(itdrqhv) [182.178.202.255]:52295 P=esmtpa A=dovecot_login:[my email removed] S=411 T="Vast FreeViagra" for [5 other people's email removed]
2014-03-30 15:50:12 1WULkA-0005Px-Vp no immediate delivery: more than 30 messages received in one connection
2014-03-30 16:03:28 cwd=/root 3 args: /usr/sbin/exim -Mvl 1WULkA-0005Px-Vp
2014-03-30 16:44:11 1WULkA-0005Px-Vp SMTP connection outbound 1396212251 1WULkA-0005Px-Vp dryadsong.com [someone's email removed]
2014-03-30 16:44:11 1WULkA-0005Px-Vp SMTP connection outbound 1396212251 1WULkA-0005Px-Vp dryadsong.com [someone's email removed]
2014-03-30 16:44:11 1WULkA-0005Px-Vp SMTP connection outbound 1396212251 1WULkA-0005Px-Vp dryadsong.com [someone's email removed]
2014-03-30 16:44:11 1WULkA-0005Px-Vp SMTP connection outbound 1396212251 1WULkA-0005Px-Vp dryadsong.com [someone's email removed]
2014-03-30 16:44:11 1WULkA-0005Px-Vp SMTP connection outbound 1396212251 1WULkA-0005Px-Vp dryadsong.com [someone's email removed]

(Contd...)

I hope that mess of data makes more sense to you than it does to me. :/

I ran MalwareBytes and here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/2/2014
Scan Time: 7:37:08 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.02.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Meagan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266099
Time Elapsed: 16 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [867a06fa14ec4ab65126f516d62cd927],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [867a06fa14ec4ab65126f516d62cd927],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [867a06fa14ec4ab65126f516d62cd927],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [867a06fa14ec4ab65126f516d62cd927],

Registry Values: 2
Hijacker.Application, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_application, http://go.microsoft....Id=57426&Ext=%s, Quarantined, [1de328d8c63a59a7ef70906139c930d0]
Hijacker.Application, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_Application, http://go.microsoft....Id=57426&Ext=%s, Quarantined, [6997ed13728e59a77ce324cdab5723dd]

Registry Data: 2
Hijacker.Application, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application, http://www.helpmeope...m/?n=app&ext=%s, Good: (http://shell.windows.com/fileassoc/Bad: (http://www.helpmeope...m/?n=app&ext=%s),Replaced,[2fd1c13f0df39b65cd702de2768e936d]x/xml/redir.asp?Ext=%s), %5
Hijacker.Application, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application, http://www.helpmeope...m/?n=app&ext=%s, Good: (http://shell.windows.com/fileassoc/Bad: (http://www.helpmeope...m/?n=app&ext=%s),Replaced,[b749cc34ff01ef113ffe7798b54f4db3]x/xml/redir.asp?Ext=%s), %5

Folders: 0
(No malicious items detected)

Files: 10
PUP.Optional.OutBrowse, C:\Users\Meagan\AppData\Local\Temp\DownloadManager.exe, Quarantined, [867a06fa14ec4ab65126f516d62cd927],
PUP.Optional.Installrex, C:\Users\Meagan\AppData\Local\Temp\gc9psxOA.exe.part, Quarantined, [32ce11eff50bdc240e9572968a7759a7],
PUP.Optional.Installex, C:\Users\Meagan\AppData\Local\Temp\6a5DAmRH.exe.part, Quarantined, [46ba6e925aa60cf4bbfcb7469a666e92],
PUP.Optional.Installrex, C:\Users\Meagan\AppData\Local\Temp\rrGTty5y.exe.part, Quarantined, [cc34af5158a808f8465d37d16f92a759],
PUP.Optional.OpenCandy, C:\Users\Meagan\AppData\Local\Temp\nsnF607.tmp\OCSetupHlp.dll, Quarantined, [2bd5718ff50b857b4ea70c283ec61ce4],
PUP.Optional.Softonic, C:\Users\Meagan\Downloads\SoftonicDownloader_for_swapper.exe, Quarantined, [50b0778959a725db01ce1ce0e91733cd],
PUP.Optional.Smart, C:\Users\Meagan\Downloads\FreePDFtoWORDsetup.exe, Quarantined, [7888f010f10f5da36b2a916f35cc56aa],
PUP.Optional.OpenCandy, C:\Users\Meagan\Downloads\frostwire-5.0.7.windows.exe, Quarantined, [33cd58a87a86f20eaf4679bb5fa5738d],
PUP.Optional.OpenCandy, C:\Users\Meagan\Downloads\SetupImgBurn_2.5.8.0.exe, Quarantined, [9a66b749b44c748c6194c66ef4107888],
PUP.Optional.OpenCandy, C:\Users\Meagan\Downloads\mp3rocket_6_3_15_0.exe, Quarantined, [c63a8d73d62a35cb9461b87c12f2619f],

Physical Sectors: 0
(No malicious items detected)

(end)

#9
Render

Posted 03 April 2014 - 08:13 AM

Trusted Helper

Malware Removal
4,195 posts

Yes, unfortunately from provided log it looks like your e-mail account was compromised.

Now... As you said, you've already changed password on that account. When we'll finish with malware hunting and be sure that system is clean, we'll change it again. For now we will do some deeper digging.

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Double click on ComboFix.exe and follow the prompts.
Accept the disclaimer and allow to update if it asks.

When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

#10
Dryadsong

Posted 03 April 2014 - 06:11 PM

Member

Topic Starter
Member
21 posts

Here you are:

ComboFix 14-04-03.01 - Meagan 04/03/2014 19:55:30.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5418 [GMT -4:00]

Running from: c:\users\Meagan\Desktop\ComboFix.exe

AV: AVG AntiVirus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\SysWow64\atieclxx.exe

c:\windows\SysWow64\atiesrxx.exe

c:\windows\SysWow64\dwm.exe

c:\windows\SysWow64\lsm.exe

c:\windows\SysWow64\spoolsv.exe

c:\windows\SysWow64\taskhost.exe

c:\windows\SysWow64\WUDFHost.exe

((((((((((((((((((((((((( Files Created from 2014-03-04 to 2014-04-04 )))))))))))))))))))))))))))))))

2014-04-04 00:01 . 2014-04-04 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-04-03 00:15 . 2014-04-03 00:15 -------- d-----w- c:\programdata\Oracle

2014-04-03 00:14 . 2014-04-03 00:14 -------- d-----w- c:\program files (x86)\Common Files\Java

2014-04-03 00:14 . 2013-12-19 01:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-04-02 23:19 . 2014-04-03 23:19 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-04-02 23:19 . 2014-04-02 23:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-04-02 23:19 . 2014-04-02 23:19 -------- d-----w- c:\programdata\Malwarebytes

2014-04-02 23:19 . 2014-03-05 13:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-04-02 23:19 . 2014-03-05 13:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-04-02 23:19 . 2014-03-05 13:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-04-02 23:18 . 2014-04-02 23:18 -------- d-----w- c:\users\Meagan\AppData\Local\Programs

2014-03-22 01:33 . 2014-03-22 01:34 -------- d-----w- C:\v2d

2014-03-22 01:33 . 2014-03-22 01:33 -------- d-----w- c:\program files (x86)\Free MKV Video2Dvd

2014-03-21 00:08 . 2014-03-21 01:41 -------- d-----w- c:\users\Meagan\Downton Abbey 3b

2014-03-20 03:35 . 2014-03-20 03:35 -------- d-----w- c:\users\Public\CyberLink

2014-03-20 03:35 . 2014-03-20 03:35 -------- d-----w- c:\users\Meagan\AppData\Local\Cyberlink

2014-03-20 03:35 . 2014-03-20 03:35 -------- d-----w- c:\programdata\CyberLink

2014-03-20 03:35 . 2014-03-20 03:35 -------- d-----w- c:\users\Meagan\AppData\Roaming\CyberLink

2014-03-20 03:26 . 2014-03-20 03:37 -------- d-----w- c:\users\Meagan\AppData\Roaming\ImgBurn

2014-03-20 03:16 . 2014-03-20 03:16 -------- d-----w- c:\program files (x86)\ImgBurn

2014-03-20 01:25 . 2014-03-20 02:43 -------- d-----w- c:\users\Meagan\Downton Abbey 3a

2014-03-19 15:16 . 2014-03-20 23:44 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2014-03-16 13:54 . 2014-03-16 13:54 0 ----a-w- c:\windows\SysWow64\winlogon.exe

2014-03-16 13:54 . 2014-03-16 13:54 0 ----a-w- c:\windows\SysWow64\smss.exe

2014-03-16 13:54 . 2014-03-16 13:54 0 ----a-w- c:\windows\SysWow64\services.exe

2014-03-16 13:54 . 2014-03-16 13:54 0 ----a-w- c:\windows\SysWow64\lsass.exe

2014-03-16 00:14 . 2014-03-16 00:14 0 ----a-w- c:\windows\system32\atiuxpag.dll

2014-03-16 00:14 . 2014-03-16 00:14 0 ----a-w- c:\windows\system32\atidxx32.dll

2014-03-16 00:14 . 2014-03-16 00:14 0 ----a-w- c:\windows\system32\atiumdva.dll

2014-03-16 00:14 . 2014-03-16 00:14 0 ----a-w- c:\windows\system32\atiumdag.dll

2014-03-16 00:14 . 2014-03-16 00:14 0 ----a-w- c:\windows\system32\atiu9pag.dll

2014-03-16 00:14 . 2014-03-16 00:14 0 ----a-w- c:\windows\system32\aticfx32.dll

2014-03-15 23:56 . 2013-09-02 07:58 175528 ----a-w- c:\windows\system32\drivers\tmcomm.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-03-18 02:51 . 2010-11-26 01:07 90015360 ----a-w- c:\windows\system32\MRT.exe

2014-03-10 03:13 . 2012-04-12 13:25 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-03-10 03:13 . 2011-06-12 13:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-21 07:37 433648 ----a-w- c:\programdata\Partner\Partner.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2013-01-03 20:49 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-06-09 5622512]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-07-02 248208]

"f.lux"="c:\users\Meagan\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-11-17 244480]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2010-01-22 1016320]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-11-20 4411952]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/w...=92&ver=9.0.894" [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]

R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]

R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]

R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]

R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]

S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]

S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]

S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]

S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys;c:\windows\SYSNATIVE\DRIVERS\CamDrL64.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMWEBACCESSCONTROL

*Deregistered* - MBAMWebAccessControl

*Deregistered* - tmcomm

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-15 19:57 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2014-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 00:15]

2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 00:15]

2014-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 913c3be2-b810-49a5-b4aa-b10216eeee57.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

2014-04-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a4e78dc2-fe3a-4d0b-8d79-9af71cc45314.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-21 07:37 750064 ----a-w- c:\programdata\Partner\Partner64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-09-30 17920]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

------- Supplementary Scan -------

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.ca/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 206.248.154.22 206.248.154.170

FF - ProfilePath - c:\users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\n0yvquwz.default-1384014371922\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

Wow6432Node-HKLM-Run-Wambo - c:\program files (x86)\Wambo.com Swapper\Swapper.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

AddRemove-AC3Filter - c:\program files (x86)\AC3Filter\uninstall.exe

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2622109790-567874436-1267608907-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (S-1-5-21-2622109790-567874436-1267608907-1000)

@Denied: (2) (LocalSystem)

"Progid"="ThunderbirdEML"

[HKEY_USERS\S-1-5-21-2622109790-567874436-1267608907-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.12"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

Completion time: 2014-04-03 20:04:23

ComboFix-quarantined-files.txt 2014-04-04 00:04

Pre-Run: 524,117,590,016 bytes free

Post-Run: 530,866,024,448 bytes free

- - End Of File - - 30A7B9BBB108D47544B0A811DD2D0D08

#11
Dryadsong

Posted 04 April 2014 - 02:52 PM

Member

Topic Starter
Member
21 posts

Hey there -- just as a head's up: I'll be away for a couple of days so you won't see a reply until possibly Sunday night or Monday morning. I haven't abandoned the quest but I have to be out of town this weekend. Thank you very much for all you've been doing so far.

#12
Render

Posted 06 April 2014 - 06:49 AM

Trusted Helper

Malware Removal
4,195 posts

Please proceed with following scans:

ESET Online Scanner

Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the Run ESET Online Scanner button.

Select the option YES, I accept the Terms of Use then click on Start.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
Now click on Finish
Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

SecurityCheck Scan

Please download Security Check by screen317 from here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#13
Dryadsong

Posted 07 April 2014 - 06:50 AM

Member

Topic Starter
Member
21 posts

Okay, here's the ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a367fa9be9e02c4db19bb119f12a7ad5
# engine=17775
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-07 03:47:17
# local_time=2014-04-06 11:47:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1044 16777213 100 88 0 83033221 0 0
# compatibility_mode=5893 16776574 100 94 22392191 148385887 0 0
# scanned=377820
# found=13
# cleaned=0
# scan_time=11467
sh=FA0B54329B9028EC1FDD3DAA449BC9182A5DAF17 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2010-0840.NAN trojan" ac=I fn="C:\Users\Meagan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4d466edb-140cb8b4"
sh=B45806F85A8EFA8AA923A09B28B26EE1FCFD97BA ft=1 fh=021ef04e4af54844 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Meagan\Downloads\ccsetup309.exe"
sh=880685514DF5FB2366D23E502749B896E15C5FEF ft=1 fh=45192640007d5c2d vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Meagan\Downloads\HSS-2.83-install-download-80-conduit.exe"
sh=9D8501348EAA411B2E6A0946E54682DC5263D1CA ft=1 fh=78689b2d27246b22 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="C:\Users\Meagan\Downloads\mp3rocket.exe"
sh=A33D60E7C118DF178EF0BE1DC2841233AFF0C741 ft=1 fh=4197c0f1cbcf4ac1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Meagan\Downloads\Shockwave_Installer_Slim(3).exe"
sh=A33D60E7C118DF178EF0BE1DC2841233AFF0C741 ft=1 fh=4197c0f1cbcf4ac1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Meagan\Downloads\Shockwave_Installer_Slim(4).exe"
sh=9DEF9E2A2B1C74C704A82B5413D7CEA69C57EF4F ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Users\Meagan\Downloads\Adobe Master Suite CS4 Keys for Windows + Disable Activation\Disable Activation.cmd"
sh=6A804D6B09267AF60DD895FE79FD650A87991D13 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="C:\Users\Meagan\Downloads\MakeMusic_Finale_2011.r2_HYBRID_ISO-RBS\r-mf2011\r-mf2011.iso"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=FC4EB4C4C435E5994B76666E68C928F5E54CE727 ft=1 fh=0cbb88057912f97d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Meg\Desktop\KeyFinderInstaller.exe"
sh=94DC7DD6619AC9CA3EF4F53E5B0D8A91A0C8B23F ft=1 fh=fd6fe14576c98bc8 vn="a variant of Win32/HotSpotShield potentially unwanted application" ac=I fn="E:\Program Files\Hotspot Shield\bin\openvpnas.exe"
sh=6DCAFC6262C2468E23B02B9BD4C26A77D5C1919C ft=1 fh=aaeca61b26c35e4e vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="E:\Program Files\LimeWire\.NetworkShare\LimeWireWin5.5.10.exe"

and the Security Check log:

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.4.0)
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#14
Render

Posted 07 April 2014 - 08:47 AM

Trusted Helper

Malware Removal
4,195 posts

Hi,

Please avoid cracks and keygens. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, these things will still infect you. Also uninstall all cracked programs like Adobe Photoshop CS5, Make music Finale, etc.

NEXT...

Please delete these files:

C:\Users\Meagan\Downloads\ccsetup309.exe

C:\Users\Meagan\Downloads\HSS-2.83-install-download-80-conduit.exe

C:\Users\Meagan\Downloads\mp3rocket.exe

C:\Users\Meagan\Downloads\Shockwave_Installer_Slim(3).exe

C:\Users\Meagan\Downloads\Shockwave_Installer_Slim(4).exe

C:\Users\Meagan\Downloads\Adobe Master Suite CS4 Keys for Windows + Disable Activation\Disable Activation.cmd

C:\Users\Meagan\Downloads\MakeMusic_Finale_2011.r2_HYBRID_ISO-RBS\r-mf2011\r-mf2011.iso

C:\Windows\System32\Adobe\Shockwave 12\gt.exe

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe

E:\Documents and Settings\Meg\Desktop\KeyFinderInstaller.exe

E:\Program Files\Hotspot Shield\bin\openvpnas.exe

E:\Program Files\LimeWire\.NetworkShare\LimeWireWin5.5.10.exe

NEXT...

What is on partition E? It looks like it's some old Windows installation.

NEXT...

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Please double click on on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

:OTL

:Files
ipconfig /flushdns /c

:Reg

:Commands
[purity]
[emptytemp]
[EMPTYJAVA]
[emptyflash]
[createrestorepoint]
[reboot]
Make sure all other windows are closed and to let it run uninterrupted.
Click on button.
OTL may ask to reboot the machine. Please do so if asked.
Click on button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#15
Dryadsong

Posted 07 April 2014 - 08:36 PM

Member

Topic Starter
Member
21 posts

Okay, I've uninstalled the programs and deleted the files. Drive E is actually the hard drive from my old computer -- I just stuffed it into the new one in case I needed access to files. I keep meaning to transfer things over and then format it but I haven't gotten to it yet.

Here is the log after the fix:

All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Meagan\Desktop\cmd.bat deleted successfully.
C:\Users\Meagan\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Meagan
->Temp folder emptied: 173322287 bytes
->Temporary Internet Files folder emptied: 22308261 bytes
->Java cache emptied: 513632 bytes
->FireFox cache emptied: 228369888 bytes
->Google Chrome cache emptied: 6487462 bytes
->Flash cache emptied: 259589 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14661002 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304877 bytes
RecycleBin emptied: 8122852635 bytes

Total Files Cleaned = 8,212.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Meagan
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Meagan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04072014_202856

Files\Folders moved on Reboot...
C:\Users\Meagan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Meagan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

and here is the log after the scan:

OTL logfile created on: 4/7/2014 8:36:54 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Meagan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.02 Gb Available Physical Memory | 62.85% Memory free
15.98 Gb Paging File | 12.84 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.41 Gb Total Space | 503.56 Gb Free Space | 55.19% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 34.39 Gb Free Space | 23.07% Space Free | Partition Type: NTFS

Computer Name: MEAGAN-PC | User Name: Meagan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/31 22:35:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meagan\Desktop\OTL.exe
PRC - [2014/03/28 22:39:52 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/11/20 02:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/10/23 18:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Meagan\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/02 11:19:30 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/22 14:43:24 | 001,016,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe
PRC - [2009/12/09 05:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/11/17 18:18:16 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/28 22:39:52 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/13 04:46:15 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6075432058b0de45ff925a5a78272154\IAStorUtil.ni.dll
MOD - [2014/02/13 04:42:48 | 011,922,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/13 04:42:44 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 04:42:18 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 04:42:13 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 04:42:02 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/13 04:41:58 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 04:41:55 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 04:41:54 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 04:41:47 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/10/27 18:46:26 | 004,554,752 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2013/07/21 18:48:15 | 002,052,096 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 18:48:15 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/04/15 18:56:17 | 001,253,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2013/04/15 18:56:16 | 005,283,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2013/04/15 18:56:15 | 004,218,880 | ---- | M] () -- C:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2012/12/12 01:32:26 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/05 06:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 06:53:24 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 21:58:10 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 21:57:46 | 000,610,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009/11/17 18:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2009/09/02 13:28:56 | 000,175,616 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/06/10 17:22:40 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/06/10 17:14:46 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/06/10 17:14:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/06/10 17:14:43 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/16 08:35:35 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/07 23:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/28 22:39:52 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/03/16 09:54:48 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/07/02 11:19:30 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/08/02 18:51:59 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/27 07:22:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/07/27 07:22:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/04/21 03:37:55 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/12/09 05:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/07 20:33:24 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/11/25 02:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/23 02:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2013/01/10 15:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/08 00:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/07 22:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/29 21:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007/02/03 11:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 11:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACGW_enCA407
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/10 10:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/28 22:39:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/28 22:39:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/19 11:16:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/03/19 11:16:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/28 22:39:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/28 22:39:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/19 11:16:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/03/19 11:16:45 | 000,000,000 | ---D | M]

[2011/03/21 18:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\Extensions
[2010/11/26 00:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/21 18:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/03/21 09:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\Firefox\Profiles\n0yvquwz.default-1384014371922\extensions
[2010/11/26 00:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meagan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\dzafh970.default\extensions
[2010/11/26 00:22:11 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Meagan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\dzafh970.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010/11/26 00:22:11 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Meagan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\dzafh970.default\extensions\[email protected]
[2014/03/28 22:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/28 22:39:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/03/28 22:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/28 22:39:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: AVG Safe Search = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Meagan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2014/04/03 20:02:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [f.lux] C:\Users\Meagan\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.3.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.248.154.22 206.248.154.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29784DA4-738D-4A60-82ED-CD66C22DB88D}: DhcpNameServer = 206.248.154.22 206.248.154.170
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/19 02:42:42 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/07 20:28:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/07 19:51:33 | 000,000,000 | ---D | C] -- C:\windows\en
[2014/04/07 19:51:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2014/04/07 19:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/04/06 20:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/04/03 20:04:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/04/03 20:04:24 | 000,000,000 | ---D | C] -- C:\windows\temp
[2014/04/03 19:54:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014/04/03 19:54:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014/04/03 19:54:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014/04/03 19:54:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/03 19:54:04 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/04/03 19:53:21 | 005,193,944 | R--- | C] (Swearware) -- C:\Users\Meagan\Desktop\ComboFix.exe
[2014/04/02 20:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/04/02 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/02 20:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/02 19:19:58 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/02 19:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/02 19:19:45 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/02 19:19:45 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/02 19:19:45 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/02 19:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/02 19:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/02 19:18:07 | 000,000,000 | ---D | C] -- C:\Users\Meagan\AppData\Local\Programs
[2014/04/02 19:16:52 | 017,523,384 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Meagan\Desktop\mbam-setup-2.0.0.1000.exe
[2014/04/01 19:26:08 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Meagan\Desktop\aswMBR.exe
[2014/03/31 22:45:30 | 000,000,000 | ---D | C] -- C:\Users\Meagan\Desktop\Shared Removal
[2014/03/31 22:35:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meagan\Desktop\OTL.exe
[2014/03/28 22:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/21 21:33:34 | 000,000,000 | ---D | C] -- C:\v2d
[2014/03/21 21:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MKV Video2Dvd
[2014/03/21 21:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free MKV Video2Dvd
[2014/03/20 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Meagan\Downton Abbey 3b
[2014/03/19 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Meagan\AppData\Local\Cyberlink
[2014/03/19 23:35:40 | 000,000,000 | ---D | C] -- C:\Users\Meagan\Documents\CyberLink
[2014/03/19 23:35:39 | 000,000,000 | ---D | C] -- C:\Users\Meagan\AppData\Roaming\CyberLink
[2014/03/19 23:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2014/03/19 23:26:36 | 000,000,000 | ---D | C] -- C:\Users\Meagan\AppData\Roaming\ImgBurn
[2014/03/19 23:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2014/03/19 23:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2014/03/19 21:25:44 | 000,000,000 | ---D | C] -- C:\Users\Meagan\Downton Abbey 3a
[2014/03/19 11:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/03/15 19:56:14 | 000,175,528 | ---- | C] (Trend Micro Inc.) -- C:\windows\SysNative\drivers\tmcomm.sys

========== Files - Modified Within 30 Days ==========

[2014/04/07 20:33:24 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/07 20:33:11 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/07 20:32:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/07 20:32:41 | 2140,491,775 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/07 20:27:00 | 000,000,512 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task a4e78dc2-fe3a-4d0b-8d79-9af71cc45314.job
[2014/04/07 20:03:07 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 20:03:06 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 20:03:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/07 20:00:21 | 003,633,924 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/07 20:00:21 | 001,130,632 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/07 20:00:21 | 000,006,376 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/07 19:41:13 | 000,445,335 | ---- | M] () -- C:\Users\Meagan\Desktop\Meagan-Sewing.jpg
[2014/04/07 08:47:36 | 000,987,448 | ---- | M] () -- C:\Users\Meagan\Desktop\SecurityCheck.exe
[2014/04/07 01:30:00 | 000,000,512 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 913c3be2-b810-49a5-b4aa-b10216eeee57.job
[2014/04/03 20:02:35 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/04/03 19:53:22 | 005,193,944 | R--- | M] (Swearware) -- C:\Users\Meagan\Desktop\ComboFix.exe
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/02 23:05:40 | 000,237,007 | ---- | M] () -- C:\Users\Meagan\Desktop\page2.png
[2014/04/02 23:05:25 | 000,263,283 | ---- | M] () -- C:\Users\Meagan\Desktop\invite.png
[2014/04/02 19:39:36 | 005,018,336 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/04/02 19:29:22 | 000,002,048 | ---- | M] () -- C:\Users\Meagan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/02 19:16:13 | 017,523,384 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Meagan\Desktop\mbam-setup-2.0.0.1000.exe
[2014/04/01 19:25:47 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Meagan\Desktop\aswMBR.exe
[2014/03/31 22:35:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meagan\Desktop\OTL.exe
[2014/03/20 19:44:36 | 000,002,114 | ---- | M] () -- C:\Users\Meagan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/03/19 23:16:55 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/03/16 10:14:14 | 001,496,480 | ---- | M] () -- C:\Users\Meagan\AppData\Local\census.cache
[2014/03/16 10:13:44 | 000,123,948 | ---- | M] () -- C:\Users\Meagan\AppData\Local\ars.cache
[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\winlogon.exe
[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\smss.exe
[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\services.exe
[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\lsass.exe
[2014/03/16 09:54:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\csrss.exe
[2014/03/16 09:47:47 | 000,000,010 | ---- | M] () -- C:\Users\Meagan\AppData\Local\sponge.last.runtime.cache
[2014/03/15 20:14:25 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atiuxpag.dll
[2014/03/15 20:14:25 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atidxx32.dll
[2014/03/15 20:14:23 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atiumdva.dll
[2014/03/15 20:14:23 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atiumdag.dll
[2014/03/15 20:14:23 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\atiu9pag.dll
[2014/03/15 20:14:23 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\aticfx32.dll

========== Files Created - No Company Name ==========

[2014/04/07 19:51:16 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2014/04/07 19:51:08 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2014/04/07 19:41:12 | 000,445,335 | ---- | C] () -- C:\Users\Meagan\Desktop\Meagan-Sewing.jpg
[2014/04/07 08:47:36 | 000,987,448 | ---- | C] () -- C:\Users\Meagan\Desktop\SecurityCheck.exe
[2014/04/03 19:54:18 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/04/03 19:54:18 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/04/03 19:54:18 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/04/03 19:54:18 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/04/03 19:54:18 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014/04/02 23:05:40 | 000,237,007 | ---- | C] () -- C:\Users\Meagan\Desktop\page2.png
[2014/04/02 23:05:25 | 000,263,283 | ---- | C] () -- C:\Users\Meagan\Desktop\invite.png
[2014/03/19 23:16:55 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2014/03/19 23:16:55 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\winlogon.exe
[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\smss.exe
[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\services.exe
[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\lsass.exe
[2014/03/16 09:54:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\csrss.exe
[2014/03/15 20:14:25 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atiuxpag.dll
[2014/03/15 20:14:25 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atidxx32.dll
[2014/03/15 20:14:23 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atiumdva.dll
[2014/03/15 20:14:23 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atiumdag.dll
[2014/03/15 20:14:23 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\atiu9pag.dll
[2014/03/15 20:14:23 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\aticfx32.dll
[2014/03/15 19:59:24 | 000,000,010 | ---- | C] () -- C:\Users\Meagan\AppData\Local\sponge.last.runtime.cache
[2012/11/29 07:43:31 | 000,007,606 | ---- | C] () -- C:\Users\Meagan\AppData\Local\Resmon.ResmonCfg
[2012/10/24 20:56:57 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll
[2012/10/24 20:56:57 | 000,002,399 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini
[2012/05/28 23:51:54 | 001,496,480 | ---- | C] () -- C:\Users\Meagan\AppData\Local\census.cache
[2012/05/28 23:51:46 | 000,123,948 | ---- | C] () -- C:\Users\Meagan\AppData\Local\ars.cache
[2012/05/28 23:44:13 | 000,000,036 | ---- | C] () -- C:\Users\Meagan\AppData\Local\housecall.guid.cache
[2011/10/20 19:41:02 | 000,006,966 | ---- | C] () -- C:\ProgramData\DYNAMiCS.nfo
[2011/10/20 19:40:53 | 000,006,966 | ---- | C] () -- C:\Program Files\DYNAMiCS.nfo
[2011/06/20 19:41:41 | 000,001,456 | ---- | C] () -- C:\Users\Meagan\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/11/27 14:02:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/26 07:26:53 | 000,000,094 | ---- | C] () -- C:\Users\Meagan\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/26 23:00:31 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Atari
[2012/12/14 00:06:30 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\AVG2013
[2010/12/06 11:34:44 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\BitZipper
[2013/01/10 00:57:15 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\calibre
[2011/06/20 21:54:54 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/27 13:10:11 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1
[2011/10/21 20:15:55 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Garritan
[2011/03/28 20:38:27 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\ICAClient
[2014/03/19 23:37:50 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\ImgBurn
[2011/10/21 20:15:47 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\MakeMusic
[2013/12/21 21:14:02 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\MP3Rocket
[2010/11/25 23:42:14 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Notepad++
[2012/10/16 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Origin
[2011/01/13 23:20:26 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\pdftoepub
[2011/10/21 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Plogue
[2012/04/30 21:18:36 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Sony
[2010/11/26 00:34:59 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\Thunderbird
[2011/03/21 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\TomTom
[2013/02/03 02:12:35 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\TS3Client
[2013/02/03 00:23:55 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\ts3overlay
[2012/12/13 23:33:02 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\TuneUp Software
[2014/04/06 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\uTorrent
[2013/02/03 02:12:46 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\VASSAL
[2012/08/12 16:23:49 | 000,000,000 | ---D | M] -- C:\Users\Meagan\AppData\Roaming\WorksImaging

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 953 bytes -> C:\Users\Meagan\Desktop\Origin – Order confirmation for order #15858128223.eml:OECustomProperty
@Alternate Data Stream - 937 bytes -> C:\Users\Meagan\Desktop\Your Amazon.com Kindle e-book order confirmation..eml:OECustomProperty

< End of report >