
Pop ups, new tabs, slow.. please help!


  • This topic is locked

#1
pyroazmb

  • Member
  • 11 posts

I seem to be having no luck figuring out how to remove this problem. I tried running a scan a couple of weeks ago, but the results came back clean. When I click on a link, or sometimes when I don't click anything at all, a pop-up will come on the screen or a new tab will open. My computer seems to be running slower than usual and seems to be behaving irregularly. I have downloaded OTL and am ready for the next steps. Can someone please help? Thank you!




#2
zep516

  • Trusted Helper
  • Malware Removal
  • 8,090 posts

Hi! My name is zep516, and welcome to Geeks to Go!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

 

Please post the 2 logs that OTL generated.

 

1 OTL.TXT

2 Extras.TXT

 

Thanks

Joe :)



#3
pyroazmb

  • Topic Starter
  • Member
  • 11 posts

1)

OTL logfile created on: 4/14/2014 2:48:42 PM - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Helen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 4.38 Gb Available Physical Memory | 54.77% Memory free
16.00 Gb Paging File | 11.63 Gb Available in Paging File | 72.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.20 Gb Total Space | 144.96 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
 
Computer Name: PYROAZMB | User Name: Helen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/14 14:11:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
PRC - [2014/04/12 21:34:40 | 000,566,272 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe
PRC - [2014/04/10 19:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginService\PluginService.exe
PRC - [2014/03/29 01:16:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/19 05:24:28 | 000,842,088 | ---- | M] (Spigot, Inc.) -- C:\Users\Helen\AppData\Roaming\Search Protection\SearchProtection.EXE
PRC - [2014/03/11 16:49:40 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/02/04 02:06:08 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
PRC - [2013/09/03 06:54:02 | 000,840,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/11 15:15:04 | 000,108,544 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/09/06 11:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 11:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/03/30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/01/12 07:08:56 | 001,523,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
PRC - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/29 01:16:00 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/11 16:49:39 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/12 03:34:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:33:47 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\45f490388fbd195e201a1c46e3045086\PresentationFramework.ni.dll
MOD - [2014/02/12 03:33:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:33:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:33:26 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\473ff277c41d6fe614535a1f6102674a\PresentationCore.ni.dll
MOD - [2014/02/12 03:33:17 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:33:12 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:33:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 03:33:08 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:33:02 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/12 07:08:52 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll
MOD - [2010/11/04 18:53:30 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 23:14:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/04/12 21:34:40 | 000,566,272 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm)
SRV - [2014/04/10 19:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
SRV - [2014/03/29 01:16:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 16:49:42 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/04 02:06:08 | 000,252,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe -- (ConvertFilesforFreeUpdt)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/12/20 16:16:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/21 12:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 12:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 20:55:48 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/16 06:35:58 | 000,054,400 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/10/28 18:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/28 18:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/09/01 23:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/03/31 20:08:06 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/09/30 23:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/27 13:44:48 | 000,392,712 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII)
DRV:64bit: - [2009/07/15 01:23:30 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=340e50d9d
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=340e50d9d
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{57913FED-86D6-4182-89B2-E68AEA0ABD81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=340e50d9d
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=340e50d9d
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{103215E5-63D5-4D84-AE58-43CAA2A30485}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=340e50d9d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=340e50d9d
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{249EA421-8F3B-4786-8362-3064655120E1}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKCU\..\SearchScopes\{B4837E54-7933-484D-BB87-D08F6E635936}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "v9"
FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?t...sd&t=340e50d9d"
FF - prefs.js..extensions.enabledAddons: quick_start%40gmail.com:3.1.9
FF - prefs.js..extensions.enabledAddons: extension%40Convert_Files_for_Free.com:7.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=714647&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Helen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Helen\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Helen\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/11/12 13:47:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/02/28 22:49:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 18:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\fnzt0wzi.default\extensions\[email protected] [2014/04/12 21:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\extension@Convert_Files_for_Free.com: C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com [2014/04/12 22:05:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 01:15:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 01:15:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/28 20:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Extensions
[2014/04/13 09:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\fnzt0wzi.default\extensions
[2014/04/12 21:34:22 | 000,000,000 | ---D | M] ("Quick Start") -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\fnzt0wzi.default\extensions\[email protected]
[2014/04/13 09:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\fnzt0wzi.default\extensions\staged
[2013/08/05 15:47:48 | 000,000,915 | ---- | M] () -- C:\Users\Helen\AppData\Roaming\mozilla\firefox\profiles\fnzt0wzi.default\searchplugins\yahoo.xml
[2014/03/29 01:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 01:16:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/12 22:05:17 | 000,000,000 | ---D | M] (ConvertFilesforFree) -- C:\PROGRAM FILES (X86)\CONVERT FILES FOR FREE\EXTENSION@CONVERT_FILES_FOR_FREE.COM
 
========== Chrome  ==========
 
CHR - default_search_provider: v9 (Enabled)
CHR - default_search_provider: search_url = http://search.v9.com...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.v9.com/?t...psd&t=340e50d9d
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Helen\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Helen\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Helen\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Helen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Invite All = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih\1.25_0\
CHR - Extension: avast! WebRep = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Poppit = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Click here to Select all friends = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pefbbnblngelpldjnnihgincocdpcgdn\5.1_0\
CHR - Extension: Quick Start = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.0_0\
CHR - Extension: Quick Start = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.3_0\
 
O1 HOSTS File: ([2012/02/28 21:14:54 | 000,002,198 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.newoa
O1 - Hosts: 127.0.0.1 practivate.adobe.ntp
O1 - Hosts: 127.0.0.1 practivate.adobe.ipp
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 wip.adobe.com
O1 - Hosts: 127.0.0.1 wip1.aobe.com
O1 - Hosts: 127.0.0.1 wip2.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.wip.adobe.com
O1 - Hosts: 127.0.0.1 www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com
O1 - Hosts: 127.0.0.1 www.wip3.adobe.com
O1 - Hosts: 127.0.0.1 www.wip4.adobe.com
O1 - Hosts: 18 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Helen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [SearchProtection] C:\Users\Helen\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Helen\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB866F4-674E-4238-8ACD-13E587A87F43}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C5E0124-0AA9-4565-8C8C-519351CD646A}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E20B0E0-42F0-4025-AA5B-C8263114F87D}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F82CDEF-B537-47A5-80F9-FBC9E7F62C29}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99787CC4-9787-4BF0-B731-CD582FDDA68E}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5ACD1B4-78E9-4D70-83C3-E87B30AC3F7C}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA82412B-FD98-4004-8471-711CD7DEC234}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - C:\Program Files (x86)\SupTab\SearchProtect64.dll (Skytech Co., Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) - C:\Program Files (x86)\SupTab\SearchProtect32.dll (Skytech Co., Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03a5c1d4-5616-11e2-a5d0-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{03a5c1d4-5616-11e2-a5d0-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\TL_Bootstrap.exe
O33 - MountPoints2\{12670a08-8c58-11e3-81a0-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{12670a08-8c58-11e3-81a0-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\LG_PC_Programs.exe
O33 - MountPoints2\{1783f9de-7fb1-11e2-9458-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{1783f9de-7fb1-11e2-9458-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
O33 - MountPoints2\{239e151a-4c4d-11e3-bd60-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{239e151a-4c4d-11e3-bd60-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\setup.exe -a
O33 - MountPoints2\{26799c9c-5568-11e2-84c3-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{26799c9c-5568-11e2-84c3-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
O33 - MountPoints2\{34236bd3-4d8d-11e2-b8a5-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{34236bd3-4d8d-11e2-b8a5-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
O33 - MountPoints2\{484009da-681e-11e2-88b1-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{484009da-681e-11e2-88b1-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
O33 - MountPoints2\{7e2f24f1-7dce-11e3-a8e8-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{7e2f24f1-7dce-11e3-a8e8-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
O33 - MountPoints2\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\Install.bat
O33 - MountPoints2\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\Shell\setup\command - "" = I:\Install.bat
O33 - MountPoints2\{a31a9dbc-14a0-11e3-89e3-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a31a9dbc-14a0-11e3-89e3-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
O33 - MountPoints2\{a37c25de-ddd9-11e2-b08e-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a37c25de-ddd9-11e2-b08e-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\LGAutoRun.exe
O33 - MountPoints2\{eb495fdf-2611-11e3-9a9c-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{eb495fdf-2611-11e3-9a9c-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\LGAutoRun.exe
O33 - MountPoints2\{fba7bf44-06c3-11e2-ab83-842b2b8d82d6}\Shell - "" = AutoRun
O33 - MountPoints2\{fba7bf44-06c3-11e2-ab83-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\UEZLink.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\UEZLink.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/14 14:11:11 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
[2014/04/12 22:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Helper
[2014/04/12 22:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convert Files for Free
[2014/04/12 21:34:49 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\SupTab
[2014/04/12 21:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
[2014/04/12 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014/04/12 21:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2014/04/12 21:34:33 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\v9
[2014/04/12 21:33:49 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\Wise
[2014/04/11 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\Adobe Mini Bridge CS5.1
[2014/04/08 20:54:58 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/08 20:54:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/08 20:54:58 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/08 20:54:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/08 20:54:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/08 20:54:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/08 20:54:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/08 20:54:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/08 20:54:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/08 20:54:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/03/29 01:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/26 00:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/26 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/03/26 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/08/20 19:27:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Helen\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/14 14:49:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/14 14:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/14 14:11:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
[2014/04/14 13:53:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001UA.job
[2014/04/14 12:42:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001UA.job
[2014/04/14 12:37:47 | 003,842,935 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE white.eps
[2014/04/14 12:35:45 | 002,337,926 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE gold.eps
[2014/04/14 12:32:28 | 096,086,399 | ---- | M] () -- C:\Users\Helen\Desktop\PYRO & DIRTY FOXS 4-13-14.wmv
[2014/04/14 12:32:28 | 000,269,776 | ---- | M] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3.sfk
[2014/04/14 12:32:28 | 000,064,656 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs.mp4.sfk
[2014/04/14 12:32:28 | 000,042,880 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4.sfk
[2014/04/14 11:58:22 | 002,755,999 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4
[2014/04/14 11:57:52 | 004,137,157 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs.mp4
[2014/04/14 03:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001Core.job
[2014/04/14 00:42:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001Core.job
[2014/04/13 21:49:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/13 20:48:30 | 011,977,510 | ---- | M] () -- C:\Users\Helen\Desktop\Dumptruck Show Set.mp3
[2014/04/13 17:57:22 | 007,828,438 | ---- | M] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3
[2014/04/13 17:46:09 | 010,802,833 | ---- | M] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.psd
[2014/04/13 17:44:28 | 000,727,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/13 17:44:28 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/13 17:44:28 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/13 15:48:35 | 000,643,949 | ---- | M] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.jpg
[2014/04/13 14:51:54 | 000,173,242 | ---- | M] () -- C:\Users\Helen\Desktop\FIREEE.jpg
[2014/04/13 14:47:47 | 000,169,280 | ---- | M] () -- C:\Users\Helen\Desktop\FIRE2.jpg
[2014/04/13 14:46:20 | 000,165,681 | ---- | M] () -- C:\Users\Helen\Desktop\FIRE.jpg
[2014/04/13 13:26:41 | 000,018,136 | ---- | M] () -- C:\Users\Helen\Desktop\belaire.jpeg
[2014/04/13 13:26:10 | 000,024,765 | ---- | M] () -- C:\Users\Helen\Desktop\ace.jpg
[2014/04/13 13:22:50 | 001,380,112 | ---- | M] () -- C:\Users\Helen\Desktop\flipp promo.jpg
[2014/04/13 13:07:15 | 001,687,379 | ---- | M] () -- C:\Users\Helen\Desktop\black-background-paisley.jpg
[2014/04/13 12:03:24 | 000,189,304 | ---- | M] () -- C:\Users\Helen\Desktop\22.JPG
[2014/04/13 11:51:21 | 000,514,427 | ---- | M] () -- C:\Users\Helen\Desktop\Problem-Understand-Me-EP-Artwork.jpg
[2014/04/13 11:03:01 | 002,166,378 | ---- | M] () -- C:\Users\Helen\Desktop\pyro dirty dan.mp4
[2014/04/12 22:05:20 | 000,000,002 | ---- | M] () -- C:\END
[2014/04/12 22:04:57 | 000,002,602 | ---- | M] () -- C:\Users\Helen\Desktop\Google Chrome.lnk
[2014/04/12 22:04:57 | 000,001,366 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/12 22:04:55 | 000,001,673 | ---- | M] () -- C:\Users\Helen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/12 22:03:35 | 002,260,640 | ---- | M] () -- C:\Users\Helen\Desktop\Step.Brothers.Extended.Edition.2008.1080p.BRRip.x264.AC3-Kay.exe
[2014/04/12 20:59:33 | 004,547,032 | ---- | M] () -- C:\Users\Helen\Desktop\All i know Ruff.mp3
[2014/04/12 18:22:01 | 000,227,998 | ---- | M] () -- C:\Users\Helen\Desktop\MOMS CAKE.jpeg
[2014/04/12 17:52:20 | 001,276,797 | ---- | M] () -- C:\Users\Helen\Desktop\CLAUDIA-PERFECTION-IN-TIGHT-LEATHER-BY-BOSSMANZHE-psd99875.psd
[2014/04/12 17:50:50 | 001,478,037 | ---- | M] () -- C:\Users\Helen\Desktop\CLAUDIA-SPECIAL-POST-BY-BOSSMANZHENKOR-ARTS-psd99874.psd
[2014/04/12 14:29:27 | 001,111,358 | ---- | M] () -- C:\Users\Helen\Desktop\stoney.jpg
[2014/04/11 22:00:02 | 011,279,124 | ---- | M] () -- C:\Users\Helen\Desktop\flipp promo.psd
[2014/04/11 21:39:48 | 000,449,166 | ---- | M] () -- C:\Users\Helen\Desktop\LongBeachSunset_RonniePittman_Flickr_03272012.jpg
[2014/04/11 21:36:25 | 000,131,113 | ---- | M] () -- C:\Users\Helen\Desktop\Long-Beach-Cityscape.jpg
[2014/04/11 21:20:35 | 000,452,546 | ---- | M] () -- C:\Users\Helen\Desktop\nast.jpg
[2014/04/11 18:20:55 | 000,153,520 | ---- | M] () -- C:\Users\Helen\Desktop\problem 2.jpg
[2014/04/11 17:14:22 | 000,512,992 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.jpg
[2014/04/11 17:08:03 | 002,821,953 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.psd
[2014/04/11 16:03:23 | 000,324,174 | ---- | M] () -- C:\Users\Helen\Desktop\AZMB.jpg
[2014/04/11 14:37:35 | 000,112,465 | ---- | M] () -- C:\Users\Helen\Desktop\problem.jpg
[2014/04/11 12:45:53 | 000,067,692 | ---- | M] () -- C:\Users\Helen\Desktop\fn main.jpg
[2014/04/11 12:44:34 | 000,006,119 | ---- | M] () -- C:\Users\Helen\Desktop\fn7.jpg
[2014/04/11 12:44:21 | 000,055,395 | ---- | M] () -- C:\Users\Helen\Desktop\fn6.jpg
[2014/04/11 12:44:10 | 000,051,830 | ---- | M] () -- C:\Users\Helen\Desktop\fn5.jpg
[2014/04/11 12:44:01 | 000,042,316 | ---- | M] () -- C:\Users\Helen\Desktop\fn3.jpg
[2014/04/11 12:43:54 | 000,041,051 | ---- | M] () -- C:\Users\Helen\Desktop\fn2.jpg
[2014/04/11 12:43:45 | 000,034,485 | ---- | M] () -- C:\Users\Helen\Desktop\fn.jpg
[2014/04/10 22:22:17 | 000,044,329 | ---- | M] () -- C:\Users\Helen\Desktop\ratchet.jpg
[2014/04/10 20:45:21 | 010,335,084 | ---- | M] () -- C:\Users\Helen\Desktop\Young N Fly - The Mood Lease.mp3
[2014/04/09 21:45:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 21:45:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 16:59:03 | 004,081,040 | ---- | M] () -- C:\Users\Helen\Desktop\PYRO UPCOMING.psd
[2014/04/09 11:38:47 | 000,077,287 | ---- | M] () -- C:\Users\Helen\Desktop\ab.jpg
[2014/04/09 03:23:09 | 005,242,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/09 03:21:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/09 03:21:21 | 2146,676,735 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/08 17:47:05 | 001,152,746 | ---- | M] () -- C:\Users\Helen\Desktop\street saints.psd
[2014/04/08 16:59:51 | 000,006,103 | ---- | M] () -- C:\Users\Helen\Desktop\jumbo.png
[2014/04/08 16:29:58 | 000,175,249 | ---- | M] () -- C:\Users\Helen\Desktop\ASU.jpg
[2014/04/08 15:47:17 | 001,697,776 | ---- | M] () -- C:\Users\Helen\Desktop\playboi cover2.jpg
[2014/04/08 15:47:11 | 028,924,674 | ---- | M] () -- C:\Users\Helen\Desktop\playboi cover2.psd
[2014/04/08 03:16:00 | 001,077,359 | ---- | M] () -- C:\Users\Helen\Desktop\dopee pyro.mp3
[2014/04/07 17:03:32 | 000,279,499 | ---- | M] () -- C:\Users\Helen\Desktop\ali.jpg
[2014/04/07 16:18:09 | 017,050,231 | ---- | M] () -- C:\Users\Helen\Desktop\playboi cover.psd
[2014/04/07 15:51:54 | 004,296,358 | ---- | M] () -- C:\Users\Helen\Desktop\b roy.jpg
[2014/04/07 15:50:41 | 000,787,672 | ---- | M] () -- C:\Users\Helen\Desktop\420 flyer.jpg
[2014/04/07 15:50:33 | 009,720,636 | ---- | M] () -- C:\Users\Helen\Desktop\420 flyer.psd
[2014/04/07 15:38:56 | 000,043,487 | ---- | M] () -- C:\Users\Helen\Desktop\fbe 2.jpg
[2014/04/07 15:36:51 | 000,267,413 | ---- | M] () -- C:\Users\Helen\Desktop\fbe logo.png
[2014/04/07 15:36:50 | 000,000,132 | ---- | M] () -- C:\Users\Helen\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/04/07 15:01:59 | 000,060,090 | ---- | M] () -- C:\Users\Helen\Desktop\YS33.jpg
[2014/04/07 15:01:33 | 000,044,020 | ---- | M] () -- C:\Users\Helen\Desktop\CASTRO.jpg
[2014/04/07 14:56:43 | 000,016,743 | ---- | M] () -- C:\Users\Helen\Desktop\rednose.jpg
[2014/04/07 14:34:32 | 001,111,133 | ---- | M] () -- C:\Users\Helen\Desktop\stoney logo.jpg
[2014/04/07 14:29:27 | 004,355,723 | ---- | M] () -- C:\Users\Helen\Desktop\AHCM The Bizzness.jpg
[2014/04/07 14:17:42 | 004,299,305 | ---- | M] () -- C:\Users\Helen\Desktop\ACHM.jpg
[2014/04/07 14:14:44 | 004,340,791 | ---- | M] () -- C:\Users\Helen\Desktop\Big Vic & Envy.jpg
[2014/04/07 14:14:17 | 004,340,495 | ---- | M] () -- C:\Users\Helen\Desktop\Chalie Mack.jpg
[2014/04/07 14:11:40 | 004,324,211 | ---- | M] () -- C:\Users\Helen\Desktop\Big Goob.jpg
[2014/04/07 14:11:18 | 004,287,034 | ---- | M] () -- C:\Users\Helen\Desktop\JRE.jpg
[2014/04/07 14:10:12 | 004,358,127 | ---- | M] () -- C:\Users\Helen\Desktop\Brad Thompson.jpg
[2014/04/07 14:09:46 | 004,356,323 | ---- | M] () -- C:\Users\Helen\Desktop\Deezo Fatsaxx.jpg
[2014/04/07 13:24:52 | 000,026,661 | ---- | M] () -- C:\Users\Helen\Desktop\ys3.jpg
[2014/04/07 13:24:41 | 000,059,706 | ---- | M] () -- C:\Users\Helen\Desktop\riko.jpg
[2014/04/07 13:22:01 | 000,032,843 | ---- | M] () -- C:\Users\Helen\Desktop\double.jpg
[2014/04/07 11:14:08 | 000,118,028 | ---- | M] () -- C:\Users\Helen\Desktop\gfx.jpg
[2014/04/05 22:16:24 | 000,237,492 | ---- | M] () -- C:\Users\Helen\Desktop\IMG_8782.JPG
[2014/04/05 22:13:20 | 000,220,884 | ---- | M] () -- C:\Users\Helen\Desktop\IMG_8775.JPG
[2014/04/05 22:11:47 | 000,074,109 | ---- | M] () -- C:\Users\Helen\Desktop\ys.jpg
[2014/04/05 21:31:50 | 000,149,589 | ---- | M] () -- C:\Users\Helen\Desktop\we.png
[2014/04/05 20:57:42 | 000,057,572 | ---- | M] () -- C:\Users\Helen\Desktop\ciroc-peach.jpg
[2014/04/05 20:42:33 | 000,560,676 | ---- | M] () -- C:\Users\Helen\Desktop\weedplant-482554.jpeg
[2014/04/05 20:22:53 | 000,621,649 | ---- | M] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWERback.jpg
[2014/04/05 20:22:45 | 010,767,744 | ---- | M] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.psd
[2014/04/05 19:12:37 | 000,579,820 | ---- | M] () -- C:\Users\Helen\Desktop\ddct default.jpg
[2014/04/05 13:19:03 | 000,347,856 | ---- | M] () -- C:\Users\Helen\Desktop\hot-air-balloons-at-sunset-images-photos-0322125523.jpg
[2014/04/04 19:36:03 | 000,086,997 | ---- | M] () -- C:\Users\Helen\Desktop\Problem_lowres.jpg
[2014/04/03 13:35:29 | 000,806,538 | ---- | M] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.jpg
[2014/04/03 12:14:20 | 000,418,249 | ---- | M] () -- C:\Users\Helen\Desktop\despicable_me_2_minions-1920x1080.jpg
[2014/04/02 19:40:46 | 000,118,761 | ---- | M] () -- C:\Users\Helen\Desktop\ma.jpg
[2014/04/02 19:27:37 | 000,142,043 | ---- | M] () -- C:\Users\Helen\Desktop\BOXING-GLOVES-JY9103.jpg
[2014/04/02 19:26:11 | 000,113,680 | ---- | M] () -- C:\Users\Helen\Desktop\boxing-ring.jpg
[2014/04/02 17:39:26 | 000,047,880 | ---- | M] () -- C:\Users\Helen\Desktop\treez.jpg
[2014/04/02 17:27:20 | 000,816,682 | ---- | M] () -- C:\Users\Helen\Desktop\G2G.jpg
[2014/04/02 16:44:43 | 000,184,768 | ---- | M] () -- C:\Users\Helen\Desktop\AZ MADE CLOTHING SEAL.jpg
[2014/04/02 11:13:27 | 000,085,384 | ---- | M] () -- C:\Users\Helen\Desktop\ckorey blunt.jpg
[2014/04/02 11:13:07 | 000,136,120 | ---- | M] () -- C:\Users\Helen\Desktop\marcelino.jpg
[2014/04/01 19:50:20 | 003,722,020 | ---- | M] () -- C:\Users\Helen\Desktop\CINCO UPDATED.jpg
[2014/04/01 17:14:37 | 000,110,201 | ---- | M] () -- C:\Users\Helen\Desktop\crown.jpg
[2014/04/01 16:29:08 | 000,139,047 | ---- | M] () -- C:\Users\Helen\Desktop\cinco tickets.jpg
[2014/04/01 02:08:07 | 000,430,595 | ---- | M] () -- C:\Users\Helen\Desktop\fb default.jpg
[2014/03/30 18:27:54 | 000,448,348 | ---- | M] () -- C:\Users\Helen\Desktop\Scan0005.jpg
[2014/03/30 18:24:00 | 000,349,255 | ---- | M] () -- C:\Users\Helen\Desktop\Scan0004.jpg
[2014/03/30 11:13:05 | 003,164,995 | ---- | M] () -- C:\Users\Helen\Desktop\lucky ft pyro - believe me.mp3
[2014/03/30 10:42:33 | 011,548,039 | ---- | M] () -- C:\Users\Helen\Desktop\believe me.mp3
[2014/03/28 17:06:44 | 000,042,679 | ---- | M] () -- C:\Users\Helen\Desktop\SKI.jpg
[2014/03/28 16:48:20 | 000,213,526 | ---- | M] () -- C:\Users\Helen\Desktop\AZMADE CINCO.jpg
[2014/03/26 00:10:00 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/25 11:39:29 | 000,154,792 | ---- | M] () -- C:\Users\Helen\Desktop\slim dk.jpg
[2014/03/24 17:10:06 | 000,262,545 | ---- | M] () -- C:\Users\Helen\Desktop\AZNVD.jpg
[2014/03/24 16:56:50 | 000,021,518 | ---- | M] () -- C:\Users\Helen\Desktop\LIPS.png
[2014/03/22 15:18:22 | 008,715,694 | ---- | M] () -- C:\Users\Helen\Desktop\RICANDTHADEUS LEARN LIFE LEASE.mp3
[2014/03/21 19:59:56 | 000,050,538 | ---- | M] () -- C:\Users\Helen\Desktop\JME.jpg
[2014/03/21 19:03:51 | 002,105,566 | ---- | M] () -- C:\Users\Helen\Desktop\dirty promo.jpg
[2014/03/21 13:49:57 | 000,259,830 | ---- | M] () -- C:\Users\Helen\Desktop\banner ddct.jpg
[2014/03/20 17:26:54 | 000,925,685 | ---- | M] () -- C:\Users\Helen\Desktop\SHARES.jpg
[2014/03/19 20:00:19 | 000,057,583 | ---- | M] () -- C:\Users\Helen\Desktop\vvvv.jpg
[2014/03/19 19:42:49 | 000,073,661 | ---- | M] () -- C:\Users\Helen\Desktop\chopper AZMB.jpg
[2014/03/18 19:18:45 | 005,415,473 | ---- | M] () -- C:\Users\Helen\Desktop\no wack acts.jpg
[2014/03/18 12:41:41 | 008,009,431 | ---- | M] () -- C:\Users\Helen\Desktop\KNOW DAT HOOK.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/14 13:19:30 | 001,478,037 | ---- | C] () -- C:\Users\Helen\Desktop\CLAUDIA-SPECIAL-POST-BY-BOSSMANZHENKOR-ARTS-psd99874.psd
[2014/04/14 13:18:30 | 001,276,797 | ---- | C] () -- C:\Users\Helen\Desktop\CLAUDIA-PERFECTION-IN-TIGHT-LEATHER-BY-BOSSMANZHE-psd99875.psd
[2014/04/14 12:37:46 | 003,842,935 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE white.eps
[2014/04/14 12:35:41 | 002,337,926 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE gold.eps
[2014/04/14 12:19:56 | 096,086,399 | ---- | C] () -- C:\Users\Helen\Desktop\PYRO & DIRTY FOXS 4-13-14.wmv
[2014/04/14 12:08:38 | 000,269,776 | ---- | C] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3.sfk
[2014/04/14 12:07:48 | 000,042,880 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4.sfk
[2014/04/14 12:07:42 | 000,064,656 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs.mp4.sfk
[2014/04/14 11:58:19 | 002,755,999 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4
[2014/04/14 11:57:51 | 004,137,157 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs.mp4
[2014/04/13 20:48:25 | 011,977,510 | ---- | C] () -- C:\Users\Helen\Desktop\Dumptruck Show Set.mp3
[2014/04/13 17:57:09 | 007,828,438 | ---- | C] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3
[2014/04/13 15:28:59 | 000,643,949 | ---- | C] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.jpg
[2014/04/13 14:51:54 | 000,173,242 | ---- | C] () -- C:\Users\Helen\Desktop\FIREEE.jpg
[2014/04/13 14:47:47 | 000,169,280 | ---- | C] () -- C:\Users\Helen\Desktop\FIRE2.jpg
[2014/04/13 14:46:20 | 000,165,681 | ---- | C] () -- C:\Users\Helen\Desktop\FIRE.jpg
[2014/04/13 13:26:41 | 000,018,136 | ---- | C] () -- C:\Users\Helen\Desktop\belaire.jpeg
[2014/04/13 13:26:10 | 000,024,765 | ---- | C] () -- C:\Users\Helen\Desktop\ace.jpg
[2014/04/13 13:07:14 | 001,687,379 | ---- | C] () -- C:\Users\Helen\Desktop\black-background-paisley.jpg
[2014/04/13 12:58:49 | 010,802,833 | ---- | C] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.psd
[2014/04/13 12:03:26 | 000,189,304 | ---- | C] () -- C:\Users\Helen\Desktop\22.JPG
[2014/04/13 11:51:20 | 000,514,427 | ---- | C] () -- C:\Users\Helen\Desktop\Problem-Understand-Me-EP-Artwork.jpg
[2014/04/13 11:00:04 | 002,166,378 | ---- | C] () -- C:\Users\Helen\Desktop\pyro dirty dan.mp4
[2014/04/12 22:05:16 | 000,000,002 | ---- | C] () -- C:\END
[2014/04/12 22:03:35 | 002,260,640 | ---- | C] () -- C:\Users\Helen\Desktop\Step.Brothers.Extended.Edition.2008.1080p.BRRip.x264.AC3-Kay.exe
[2014/04/12 20:59:35 | 004,547,032 | ---- | C] () -- C:\Users\Helen\Desktop\All i know Ruff.mp3
[2014/04/12 18:22:01 | 000,227,998 | ---- | C] () -- C:\Users\Helen\Desktop\MOMS CAKE.jpeg
[2014/04/12 14:29:25 | 001,111,358 | ---- | C] () -- C:\Users\Helen\Desktop\stoney.jpg
[2014/04/11 22:00:06 | 001,380,112 | ---- | C] () -- C:\Users\Helen\Desktop\flipp promo.jpg
[2014/04/11 21:39:47 | 000,449,166 | ---- | C] () -- C:\Users\Helen\Desktop\LongBeachSunset_RonniePittman_Flickr_03272012.jpg
[2014/04/11 21:36:25 | 000,131,113 | ---- | C] () -- C:\Users\Helen\Desktop\Long-Beach-Cityscape.jpg
[2014/04/11 21:20:35 | 000,452,546 | ---- | C] () -- C:\Users\Helen\Desktop\nast.jpg
[2014/04/11 17:14:20 | 000,512,992 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.jpg
[2014/04/11 16:35:51 | 002,821,953 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.psd
[2014/04/11 16:03:27 | 000,324,174 | ---- | C] () -- C:\Users\Helen\Desktop\AZMB.jpg
[2014/04/11 14:37:41 | 000,153,520 | ---- | C] () -- C:\Users\Helen\Desktop\problem 2.jpg
[2014/04/11 14:37:35 | 000,112,465 | ---- | C] () -- C:\Users\Helen\Desktop\problem.jpg
[2014/04/11 13:30:09 | 011,279,124 | ---- | C] () -- C:\Users\Helen\Desktop\flipp promo.psd
[2014/04/11 12:45:52 | 000,067,692 | ---- | C] () -- C:\Users\Helen\Desktop\fn main.jpg
[2014/04/11 12:44:34 | 000,006,119 | ---- | C] () -- C:\Users\Helen\Desktop\fn7.jpg
[2014/04/11 12:44:20 | 000,055,395 | ---- | C] () -- C:\Users\Helen\Desktop\fn6.jpg
[2014/04/11 12:44:10 | 000,051,830 | ---- | C] () -- C:\Users\Helen\Desktop\fn5.jpg
[2014/04/11 12:44:01 | 000,042,316 | ---- | C] () -- C:\Users\Helen\Desktop\fn3.jpg
[2014/04/11 12:43:54 | 000,041,051 | ---- | C] () -- C:\Users\Helen\Desktop\fn2.jpg
[2014/04/11 12:43:45 | 000,034,485 | ---- | C] () -- C:\Users\Helen\Desktop\fn.jpg
[2014/04/10 22:22:16 | 000,044,329 | ---- | C] () -- C:\Users\Helen\Desktop\ratchet.jpg
[2014/04/10 20:45:03 | 010,335,084 | ---- | C] () -- C:\Users\Helen\Desktop\Young N Fly - The Mood Lease.mp3
[2014/04/09 11:38:47 | 000,077,287 | ---- | C] () -- C:\Users\Helen\Desktop\ab.jpg
[2014/04/08 17:46:09 | 001,152,746 | ---- | C] () -- C:\Users\Helen\Desktop\street saints.psd
[2014/04/08 16:59:51 | 000,006,103 | ---- | C] () -- C:\Users\Helen\Desktop\jumbo.png
[2014/04/08 16:29:58 | 000,175,249 | ---- | C] () -- C:\Users\Helen\Desktop\ASU.jpg
[2014/04/08 15:47:16 | 001,697,776 | ---- | C] () -- C:\Users\Helen\Desktop\playboi cover2.jpg
[2014/04/08 03:16:02 | 001,077,359 | ---- | C] () -- C:\Users\Helen\Desktop\dopee pyro.mp3
[2014/04/07 17:03:18 | 000,279,499 | ---- | C] () -- C:\Users\Helen\Desktop\ali.jpg
[2014/04/07 16:18:14 | 028,924,674 | ---- | C] () -- C:\Users\Helen\Desktop\playboi cover2.psd
[2014/04/07 15:51:47 | 004,296,358 | ---- | C] () -- C:\Users\Helen\Desktop\b roy.jpg
[2014/04/07 15:38:56 | 000,043,487 | ---- | C] () -- C:\Users\Helen\Desktop\fbe 2.jpg
[2014/04/07 15:36:48 | 000,267,413 | ---- | C] () -- C:\Users\Helen\Desktop\fbe logo.png
[2014/04/07 15:01:59 | 000,060,090 | ---- | C] () -- C:\Users\Helen\Desktop\YS33.jpg
[2014/04/07 15:01:33 | 000,044,020 | ---- | C] () -- C:\Users\Helen\Desktop\CASTRO.jpg
[2014/04/07 14:56:43 | 000,016,743 | ---- | C] () -- C:\Users\Helen\Desktop\rednose.jpg
[2014/04/07 14:34:29 | 001,111,133 | ---- | C] () -- C:\Users\Helen\Desktop\stoney logo.jpg
[2014/04/07 14:29:20 | 004,355,723 | ---- | C] () -- C:\Users\Helen\Desktop\AHCM The Bizzness.jpg
[2014/04/07 14:17:36 | 004,299,305 | ---- | C] () -- C:\Users\Helen\Desktop\ACHM.jpg
[2014/04/07 14:14:37 | 004,340,791 | ---- | C] () -- C:\Users\Helen\Desktop\Big Vic & Envy.jpg
[2014/04/07 14:14:11 | 004,340,495 | ---- | C] () -- C:\Users\Helen\Desktop\Chalie Mack.jpg
[2014/04/07 14:11:33 | 004,324,211 | ---- | C] () -- C:\Users\Helen\Desktop\Big Goob.jpg
[2014/04/07 14:11:12 | 004,287,034 | ---- | C] () -- C:\Users\Helen\Desktop\JRE.jpg
[2014/04/07 14:10:05 | 004,358,127 | ---- | C] () -- C:\Users\Helen\Desktop\Brad Thompson.jpg
[2014/04/07 14:09:38 | 004,356,323 | ---- | C] () -- C:\Users\Helen\Desktop\Deezo Fatsaxx.jpg
[2014/04/07 13:24:52 | 000,026,661 | ---- | C] () -- C:\Users\Helen\Desktop\ys3.jpg
[2014/04/07 13:24:41 | 000,059,706 | ---- | C] () -- C:\Users\Helen\Desktop\riko.jpg
[2014/04/07 13:22:01 | 000,032,843 | ---- | C] () -- C:\Users\Helen\Desktop\double.jpg
[2014/04/07 11:14:07 | 000,118,028 | ---- | C] () -- C:\Users\Helen\Desktop\gfx.jpg
[2014/04/05 22:16:28 | 000,237,492 | ---- | C] () -- C:\Users\Helen\Desktop\IMG_8782.JPG
[2014/04/05 22:13:22 | 000,220,884 | ---- | C] () -- C:\Users\Helen\Desktop\IMG_8775.JPG
[2014/04/05 22:11:47 | 000,074,109 | ---- | C] () -- C:\Users\Helen\Desktop\ys.jpg
[2014/04/05 21:48:52 | 000,787,672 | ---- | C] () -- C:\Users\Helen\Desktop\420 flyer.jpg
[2014/04/05 21:31:50 | 000,149,589 | ---- | C] () -- C:\Users\Helen\Desktop\we.png
[2014/04/05 21:05:28 | 009,720,636 | ---- | C] () -- C:\Users\Helen\Desktop\420 flyer.psd
[2014/04/05 20:57:42 | 000,057,572 | ---- | C] () -- C:\Users\Helen\Desktop\ciroc-peach.jpg
[2014/04/05 20:42:33 | 000,560,676 | ---- | C] () -- C:\Users\Helen\Desktop\weedplant-482554.jpeg
[2014/04/05 20:10:53 | 000,621,649 | ---- | C] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWERback.jpg
[2014/04/05 19:12:36 | 000,579,820 | ---- | C] () -- C:\Users\Helen\Desktop\ddct default.jpg
[2014/04/05 13:19:03 | 000,347,856 | ---- | C] () -- C:\Users\Helen\Desktop\hot-air-balloons-at-sunset-images-photos-0322125523.jpg
[2014/04/04 21:48:19 | 004,081,040 | ---- | C] () -- C:\Users\Helen\Desktop\PYRO UPCOMING.psd
[2014/04/04 19:36:03 | 000,086,997 | ---- | C] () -- C:\Users\Helen\Desktop\Problem_lowres.jpg
[2014/04/03 13:35:28 | 000,806,538 | ---- | C] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.jpg
[2014/04/03 12:45:07 | 010,767,744 | ---- | C] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.psd
[2014/04/03 12:14:20 | 000,418,249 | ---- | C] () -- C:\Users\Helen\Desktop\despicable_me_2_minions-1920x1080.jpg
[2014/04/02 19:40:46 | 000,118,761 | ---- | C] () -- C:\Users\Helen\Desktop\ma.jpg
[2014/04/02 19:31:00 | 017,050,231 | ---- | C] () -- C:\Users\Helen\Desktop\playboi cover.psd
[2014/04/02 19:27:36 | 000,142,043 | ---- | C] () -- C:\Users\Helen\Desktop\BOXING-GLOVES-JY9103.jpg
[2014/04/02 19:26:11 | 000,113,680 | ---- | C] () -- C:\Users\Helen\Desktop\boxing-ring.jpg
[2014/04/02 17:39:26 | 000,047,880 | ---- | C] () -- C:\Users\Helen\Desktop\treez.jpg
[2014/04/02 17:27:18 | 000,816,682 | ---- | C] () -- C:\Users\Helen\Desktop\G2G.jpg
[2014/04/02 16:44:12 | 000,184,768 | ---- | C] () -- C:\Users\Helen\Desktop\AZ MADE CLOTHING SEAL.jpg
[2014/04/02 11:13:27 | 000,085,384 | ---- | C] () -- C:\Users\Helen\Desktop\ckorey blunt.jpg
[2014/04/02 11:13:06 | 000,136,120 | ---- | C] () -- C:\Users\Helen\Desktop\marcelino.jpg
[2014/04/01 19:50:17 | 003,722,020 | ---- | C] () -- C:\Users\Helen\Desktop\CINCO UPDATED.jpg
[2014/04/01 17:14:37 | 000,110,201 | ---- | C] () -- C:\Users\Helen\Desktop\crown.jpg
[2014/04/01 16:29:07 | 000,139,047 | ---- | C] () -- C:\Users\Helen\Desktop\cinco tickets.jpg
[2014/04/01 02:08:06 | 000,430,595 | ---- | C] () -- C:\Users\Helen\Desktop\fb default.jpg
[2014/03/30 18:44:56 | 000,448,348 | ---- | C] () -- C:\Users\Helen\Desktop\Scan0005.jpg
[2014/03/30 18:44:56 | 000,349,255 | ---- | C] () -- C:\Users\Helen\Desktop\Scan0004.jpg
[2014/03/30 11:12:56 | 003,164,995 | ---- | C] () -- C:\Users\Helen\Desktop\lucky ft pyro - believe me.mp3
[2014/03/30 10:42:28 | 011,548,039 | ---- | C] () -- C:\Users\Helen\Desktop\believe me.mp3
[2014/03/28 17:06:44 | 000,042,679 | ---- | C] () -- C:\Users\Helen\Desktop\SKI.jpg
[2014/03/28 16:48:19 | 000,213,526 | ---- | C] () -- C:\Users\Helen\Desktop\AZMADE CINCO.jpg
[2014/03/25 11:39:28 | 000,154,792 | ---- | C] () -- C:\Users\Helen\Desktop\slim dk.jpg
[2014/03/24 17:10:04 | 000,262,545 | ---- | C] () -- C:\Users\Helen\Desktop\AZNVD.jpg
[2014/03/24 16:56:50 | 000,021,518 | ---- | C] () -- C:\Users\Helen\Desktop\LIPS.png
[2014/03/22 15:18:35 | 008,715,694 | ---- | C] () -- C:\Users\Helen\Desktop\RICANDTHADEUS LEARN LIFE LEASE.mp3
[2014/03/21 19:59:56 | 000,050,538 | ---- | C] () -- C:\Users\Helen\Desktop\JME.jpg
[2014/03/21 19:03:49 | 002,105,566 | ---- | C] () -- C:\Users\Helen\Desktop\dirty promo.jpg
[2014/03/19 20:00:19 | 000,057,583 | ---- | C] () -- C:\Users\Helen\Desktop\vvvv.jpg
[2014/03/19 19:42:49 | 000,073,661 | ---- | C] () -- C:\Users\Helen\Desktop\chopper AZMB.jpg
[2014/03/19 18:36:27 | 000,925,685 | ---- | C] () -- C:\Users\Helen\Desktop\SHARES.jpg
[2014/03/18 18:08:04 | 005,415,473 | ---- | C] () -- C:\Users\Helen\Desktop\no wack acts.jpg
[2014/03/18 12:41:38 | 008,009,431 | ---- | C] () -- C:\Users\Helen\Desktop\KNOW DAT HOOK.mp3
[2014/03/16 23:32:07 | 000,259,830 | ---- | C] () -- C:\Users\Helen\Desktop\banner ddct.jpg
[2013/01/24 14:04:01 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2013/01/24 13:40:25 | 000,415,408 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2013/01/24 13:40:25 | 000,018,041 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/11/03 22:44:05 | 393,697,280 | ---- | C] () -- C:\Users\Helen\Twitch-Exfiltration.iso
[2012/09/21 12:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 12:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 12:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/09/05 21:55:00 | 000,000,132 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/20 19:29:20 | 000,000,668 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\vso_ts_preview.xml
[2012/08/20 19:27:01 | 000,099,384 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\inst.exe
[2012/08/20 19:27:01 | 000,007,859 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\pcouffin.cat
[2012/08/20 19:27:01 | 000,001,167 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\pcouffin.inf
[2012/03/08 18:15:53 | 000,000,054 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\updater.cfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 915 bytes -> C:\Users\Helen\AppData\Local\VfS03bxvy:tlgeGdI3qy8cc9mtybStv9j5
@Alternate Data Stream - 1117 bytes -> C:\ProgramData\Microsoft:btWtSgua3x20VfwgYQV
@Alternate Data Stream - 1089 bytes -> C:\Users\Helen\AppData\Local\Temp:36oknYKnqrHhWWcinbcDo5b
@Alternate Data Stream - 1012 bytes -> C:\Users\Helen\AppData\Local\Temp:L1EkljNYvkZ7yfsk1mHNJKNIk
@Alternate Data Stream - 1007 bytes -> C:\ProgramData\Microsoft:ZsmawYs6aiisayk7MzGBoiRDH0r

< End of report >

2)

OTL Extras logfile created on: 4/14/2014 2:48:42 PM - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Helen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 4.38 Gb Available Physical Memory | 54.77% Memory free
16.00 Gb Paging File | 11.63 Gb Available in Paging File | 72.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.20 Gb Total Space | 144.96 Gb Free Space | 31.99% Space Free | Partition Type: NTFS
 
Computer Name: PYROAZMB | User Name: Helen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094739EA-797D-4576-9193-2EEC51E8E878}" = lport=445 | protocol=6 | dir=in | app=system |
"{117D527C-8603-4785-958F-31AFF3A84B7D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16780FAF-4B31-4A60-976C-2CC7F90ED3C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{1DFE1875-4E98-42FB-83C1-7CA8CA69B861}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3022F5CC-4097-4E78-8987-A0D25AAE955F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{349434F1-72E6-4890-963D-2BCCF666424C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{356085DA-35DD-48BF-96D1-2051A024E941}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A413E75-843C-4977-AF17-672CCD2965FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53694473-0539-43E6-93CE-EE9B50019579}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C64AB32-C3FF-478D-A7FC-8E346DEF1D80}" = rport=445 | protocol=6 | dir=out | app=system |
"{5F0A326C-F821-4C59-8C1C-6F4E4D0A5183}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61ABA702-B481-4E51-85A0-A1B671610A8B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{62DB9B9E-57C7-4B95-9584-6DE393031299}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6B249C96-84CE-4630-B24F-31962FB5FAFF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{76D753F4-685D-4D63-BD7D-E468E9CBC0E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{777F0AD7-8690-4E78-B30B-1AB0A45EDEE0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{80104955-2955-498F-A751-5D8F49BB1F73}" = lport=137 | protocol=17 | dir=in | app=system |
"{8848EBE8-BF3D-4E34-BD64-3CC87D713EC0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92F83747-50B3-4573-B2F9-3C1B1DA32FDE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{98743767-85A2-4396-8810-D42BEE4AFC73}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A28BA038-5409-4AC3-A654-74542F1C4E89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5A23CC9-C2E9-4095-97E3-18143A1D935C}" = rport=139 | protocol=6 | dir=out | app=system |
"{A6A67947-13E6-48F7-8246-08CC90CA55FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADCE73C1-204D-4703-9506-608FAEACD0BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BDB25054-AE6B-4891-8CB3-684BF42EA44E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0A5A576-BA5A-4E49-8F37-69B21783AE17}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C83E61E5-04A8-4ED7-A435-820EB4347CF1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7EE7206-B898-4FE9-A215-DBA6F1DFA23C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD1ED049-2C11-4D08-9689-6392A072AF68}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{E3206DEB-E8DD-408E-8B21-B659D4CCF8D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{E85901FD-955C-4A85-B0E0-3AE09D893F5D}" = lport=139 | protocol=6 | dir=in | app=system |
"{EAF6A95E-A7B9-47EF-9A7D-B58245707965}" = rport=138 | protocol=17 | dir=out | app=system |
"{F4C954E8-539B-4A8B-898A-B5F490A81C2E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FA67B57B-235B-472B-A2A2-AD268D3A7619}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FBC5CDD0-5109-4ADF-8C9F-AF0F7E946BCE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E1C2905-96EE-4939-AACD-36A64CC39807}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{168AD9DB-2030-44A3-B446-2AAD59C9DBB2}" = protocol=1 | dir=in | [email protected],-28543 |
"{18BDCC77-213A-411C-A039-6E188413D110}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{1DB07F6E-803C-4F3B-9048-5C41AB058C6D}" = protocol=58 | dir=in | app=system |
"{22169D42-22CB-47E4-AF3E-F203DBE6BF2F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{29517C82-AF14-4718-B24A-E31C49A5602A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{2C714188-E63E-43D9-898C-B85CDEEB5381}" = protocol=58 | dir=out | [email protected],-503 |
"{2F4E0CE2-BB94-495A-B33A-9A90C503551C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{316E5708-D198-4405-B207-2A1337AAC86D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3720E464-C2BD-4071-B1E7-505432FD2E43}" = dir=out | app=%programfiles% (x86)\acoustica mixcraft 6\mixcraft6.exe |
"{3CE67FFB-B478-4FF7-9911-02939803E56D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41AB025D-9381-4DA3-BC9C-8F5F2BFD7432}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44ED8383-B940-462E-9823-F63D2CEB889F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{492F6E4D-B6A8-485A-B164-B4BCAE917B01}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4C849B4C-5200-4630-BB2D-25C48FED6AD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{53D14565-273F-44ED-A9D7-CEBDE696829B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58FD7B5B-4E11-41DA-B482-00D88EDB1709}" = protocol=17 | dir=in | app=c:\users\helen\appdata\roaming\utorrent\utorrent.exe |
"{5AAD92C9-B1D8-4E17-B283-C4907E236D85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{672ED229-137E-4846-AC49-77645F0E28E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{751384FB-55ED-41CD-B3B4-8DC11D838F7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{753D3C24-B542-4D76-9956-ADE153FF3037}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{782CE9C1-F3E3-4EA7-9A59-B5806615727C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{89EEC9B7-E0BE-470A-8A09-D0F370CDD27A}" = protocol=1 | dir=out | [email protected],-28544 |
"{8CC919BC-2DE3-4BAB-8B34-2633A6A7514E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{9A5ED669-756B-4D2F-8935-FE40553CEB0A}" = protocol=6 | dir=in | app=c:\users\helen\appdata\roaming\utorrent\utorrent.exe |
"{A286C502-558D-42F7-B703-D680BACFC1E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5D4EB03-CE7E-45EF-8A18-7E40C0F30149}" = dir=in | app=%programfiles% (x86)\acoustica mixcraft 6\mixcraft6.exe |
"{ACB70B15-C5B4-4723-8B6B-BEA6ECE72FEE}" = protocol=58 | dir=out | [email protected],-28546 |
"{B004BC16-F202-4C75-8557-71A04B073AA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B03B465E-9F26-474C-8A67-DEF4567D5489}" = protocol=6 | dir=out | app=system |
"{B117A7C8-F8B7-4742-8952-DFC4D098CD16}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{B4B43557-E3DB-41A1-8AD0-FE9B816A7EFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B69D6B1C-3712-4821-8980-54C604C30052}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{BAC97F0C-308C-43A0-ABC9-43F18E833C93}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{BF629151-33CD-4DED-B4FF-DC911AA1C544}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BFDBA758-93C6-4529-880C-7D6B946FD460}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C559373B-17FC-4C18-A1F4-02E793352C8C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C740FE6A-2D1B-446D-BFF5-F434F2D54AB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9223BF5-E3F0-4EF0-ABF8-A955D8BD8CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D5D89057-D722-4251-ADC3-F3CDEB1359B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D65C46CA-2136-44AE-AE76-A8E4C2A63D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{D7917702-27B5-46C2-8D25-B6AF094AFB01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBAD6C61-5581-4F0D-A806-E17EE99DF79E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE76E83C-A597-4875-AC87-BE8EFF0E2F75}" = protocol=58 | dir=in | [email protected],-28545 |
"{F5A92252-A6D9-4865-9C1E-BD428667A010}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FEF3B16B-6B90-4346-94CE-29F6C8ACE2D2}" = dir=in | app=c:\users\helen\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{30733894-504F-49B9-A589-AD4026D676E6}C:\program files\sony\vegas pro 9.0\vegas90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegas90.exe |
"TCP Query User{9FBDE725-62AD-4B6D-8E3A-B52AAA69BC37}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe |
"TCP Query User{ACED7F6A-EA64-47B6-964F-0EB851C6E7F3}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe |
"TCP Query User{C0823FE2-D351-46B4-BA7F-6229C9BD8132}C:\program files\sony\vegas pro 9.0\vegas90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegas90.exe |
"UDP Query User{387ECDB8-85FA-4356-9F82-91F791A63A62}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe |
"UDP Query User{7BDCCE86-9956-48EF-AB67-F708EE86D294}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe |
"UDP Query User{A1CDBC7D-CB4C-4B03-96BB-3E8F4190C44F}C:\program files\sony\vegas pro 9.0\vegas90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegas90.exe |
"UDP Query User{F74E2421-624A-47D9-9B7A-83F6C4E8B50D}C:\program files\sony\vegas pro 9.0\vegas90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegas90.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{574CFBE2-E50C-A112-EA65-BA5AE7C3AB2C}" = AMD Catalyst Install Manager
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F42AB02-6626-45DE-AA69-E141FDB82CDF}" = Vegas Pro 9.0 (64-bit)
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A31D5812-F0AA-4AFA-B584-C2C4AC141518}" = Boris Continuum Complete 7 Adobe CS5
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2213622-FFE0-4934-BDB6-A6FBE31FEB1B}" = Trapcode Suite 64-bit
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"CCleaner" = CCleaner
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = My Dell
"sp6" = Logitech SetPoint 6.32
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{20DEB77C-21D6-4D22-BB47-233E47613D57}" = Microsoft Games for Windows - LIVE Redistributable
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{606A0AC5-5F90-4379-81AE-11B44707E094}" = Adobe After Effects CS5.5 Third Party Content
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Avid Free DigiRack Plug-Ins 9.0
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}" = KODAK Share Button App
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{FCFE3F81-C977-4D31-877B-2778BB2A02DE}" = Preset Manager 2.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 6" = Acoustica Mixcraft 6
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"BitZipper_is1" = BitZipper 2010
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Convert Files for Free" = Convert Files for Free
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Dell Dock" = Dell Dock
"Driver Performer_is1" = Driver Performer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 8" = FL Studio 8
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"InstallShield_{B2213622-FFE0-4934-BDB6-A6FBE31FEB1B}" = Trapcode Suite 64-bit
"InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"LAME_is1" = LAME v3.99.3 (for Windows)
"Luxonix Purity VSTi_is1" = Luxonix Purity VSTi v1.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.53
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PoiZone" = PoiZone
"reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Tag&Rename_is1" = Tag&Rename 3.6.5
"TeamViewer 8" = TeamViewer 8
"Toxic Biohazard" = Toxic Biohazard
"Trusted Software Assistant_is1" = File Type Assistant
"v9 uninstaller" = v9 uninstaller
"VLC media player" = VLC media player 2.0.7
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WinX DVD Author_is1" = WinX DVD Author 5.8
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"WPM" = WPM18.8.0.212
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Search Protection" = Search Protection
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/13/2014 2:03:00 AM | Computer Name = PYROAZMB | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_12_0_0_77.exe, version:
 12.0.0.77, time stamp: 0x5314f5f7  Faulting module name: FlashPlayerPlugin_12_0_0_77.exe,
 version: 12.0.0.77, time stamp: 0x5314f5f7  Exception code: 0x40000015  Fault offset:
 0x000180f0  Faulting process id: 0x494  Faulting application start time: 0x01cf3e8083099b87
Faulting
 application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
Faulting
 module path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
Report
 Id: 215c33b2-aa75-11e3-abf1-842b2b8d82d6
 
Error - 3/14/2014 12:42:14 AM | Computer Name = PYROAZMB | Source = CVHSVC | ID = 100
Description = Information only.  Error: HTTP status 404: The requested URL does not
 exist on the server.   ErrorCode: 14007(0x36b7).
 
Error - 3/14/2014 6:54:04 PM | Computer Name = PYROAZMB | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_12_0_0_77.exe, version:
 12.0.0.77, time stamp: 0x5314f5f7  Faulting module name: FlashPlayerPlugin_12_0_0_77.exe,
 version: 12.0.0.77, time stamp: 0x5314f5f7  Exception code: 0x40000015  Fault offset:
 0x000180f0  Faulting process id: 0x1074  Faulting application start time: 0x01cf3fa9e50e9c28
Faulting
 application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
Faulting
 module path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
Report
 Id: 8a600592-abcb-11e3-ae81-842b2b8d82d6
 
Error - 3/14/2014 10:56:27 PM | Computer Name = PYROAZMB | Source = Application Error | ID = 1000
Description = Faulting application name: Photoshop.exe, version: 12.1.0.0, time
stamp: 0x4d90d339  Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time
 stamp: 0x4dace4e7  Exception code: 0x40000015  Fault offset: 0x000000000004267f  Faulting
 process id: 0x11a4  Faulting application start time: 0x01cf3fb75d41d9db  Faulting application
 path: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe  Faulting
 module path: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
Report
 Id: 668ba57f-abed-11e3-ae81-842b2b8d82d6
 
Error - 3/15/2014 2:26:15 PM | Computer Name = PYROAZMB | Source = CVHSVC | ID = 100
Description = Information only.  Error: HTTP status 404: The requested URL does not
 exist on the server.   ErrorCode: 14007(0x36b7).
 
Error - 3/16/2014 2:08:30 PM | Computer Name = PYROAZMB | Source = CVHSVC | ID = 100
Description = Information only.  Error: HTTP status 404: The requested URL does not
 exist on the server.   ErrorCode: 14007(0x36b7).
 
Error - 3/16/2014 10:00:01 PM | Computer Name = PYROAZMB | Source = Windows Backup | ID = 4103
Description =
 
Error - 3/18/2014 9:49:24 AM | Computer Name = PYROAZMB | Source = CVHSVC | ID = 100
Description = Information only.  Error: HTTP status 404: The requested URL does not
 exist on the server.   ErrorCode: 14007(0x36b7).
 
Error - 3/23/2014 10:00:03 PM | Computer Name = PYROAZMB | Source = Windows Backup | ID = 4103
Description =
 
Error - 3/26/2014 3:06:55 AM | Computer Name = PYROAZMB | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'distnoted' could not be shut down.
 
[ Dell Events ]
Error - 5/24/2011 8:04:26 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/26/2011 12:05:04 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 5/26/2011 12:05:04 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/2/2012 4:33:32 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/2/2012 4:33:32 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/28/2012 6:20:15 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/28/2012 6:20:15 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/28/2012 6:27:30 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/28/2012 6:27:30 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/28/2012 7:05:28 PM | Computer Name = Helen-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ Media Center Events ]
Error - 5/28/2011 12:50:51 AM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
Description = 11:50:48 PM - Error connecting to the internet.  11:50:48 PM -     Unable
 to contact server..  
 
Error - 2/1/2012 7:09:33 PM | Computer Name = Helen-PC | Source = MCUpdate | ID = 0
Description = 5:09:26 PM - Error connecting to the internet.  5:09:26 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 3/16/2014 1:58:32 PM | Computer Name = PYROAZMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 3/20/2014 9:20:51 PM | Computer Name = PYROAZMB | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:41:39 PM on ?3/?20/?2014 was unexpected.
 
Error - 3/20/2014 9:21:47 PM | Computer Name = PYROAZMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 3/26/2014 3:07:15 AM | Computer Name = PYROAZMB | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 3/26/2014 3:14:16 AM | Computer Name = PYROAZMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 3/30/2014 9:42:44 PM | Computer Name = PYROAZMB | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.
 
Error - 3/30/2014 9:42:45 PM | Computer Name = PYROAZMB | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.
 
Error - 4/9/2014 6:23:38 AM | Computer Name = PYROAZMB | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 4/9/2014 6:24:25 AM | Computer Name = PYROAZMB | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SftService service.
 
Error - 4/9/2014 6:24:55 AM | Computer Name = PYROAZMB | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the SftService service.
 
 
< End of report >
 


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Well done :)

Please give me some time to review your log reports. Do not try to fix anything yourself. Do not download anything or make any changes to the computer as we work. Do not run any more scanners.

Thanks
Joe :)
  • 0

#5
pyroazmb

pyroazmb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

okay sounds good. thank you


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello pyroazmb,

First

We need to remove some programs that are related to adware and out-of-date issues.
  • v9 uninstaller.
  • Search Protection.
  • Java™ 6 Update 21. (64-bit)
  • Java 7 Update 25.
Let's remove all of those programs listed above.
==> Click > Start > Control Panel > Programs & Features. Click on the program, then choose uninstall.

Note: The Java versions are old; old versions of Java are an infection risk. We recommend not using Java at all because of its vulnerabilities, unless you must use it.

Next

We need to do a "fix" to delete some files using OTL. Take your time, and be sure to copy it all!
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2014/04/12 21:34:40 | 000,566,272 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm)
    SRV - [2014/04/10 19:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=340e50d9d
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=340e50d9d
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=340e50d9d
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=340e50d9d
    IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=340e50d9d
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=340e50d9d
    IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "v9"
    FF - prefs.js..browser.search.selectedEngine: "v9"
    FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?t...sd&t=340e50d9d"
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [TaskTray]  File not found
    O4 - HKCU..\Run: [AdobeBridge]  File not found
    O4 - HKCU..\Run: [SearchProtection] C:\Users\Helen\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    O4 - HKCU..\Run: [uTorrent] C:\Users\Helen\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Unable to open value key) 
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - C:\Program Files (x86)\SupTab\SearchProtect64.dll (Skytech Co., Ltd.)
    O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) - C:\Program Files (x86)\SupTab\SearchProtect32.dll (Skytech Co., Ltd.)
    O33 - MountPoints2\{03a5c1d4-5616-11e2-a5d0-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{03a5c1d4-5616-11e2-a5d0-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\TL_Bootstrap.exe
    O33 - MountPoints2\{12670a08-8c58-11e3-81a0-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{12670a08-8c58-11e3-81a0-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\LG_PC_Programs.exe
    O33 - MountPoints2\{1783f9de-7fb1-11e2-9458-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{1783f9de-7fb1-11e2-9458-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
    O33 - MountPoints2\{239e151a-4c4d-11e3-bd60-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{239e151a-4c4d-11e3-bd60-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\setup.exe -a
    O33 - MountPoints2\{26799c9c-5568-11e2-84c3-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{26799c9c-5568-11e2-84c3-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
    O33 - MountPoints2\{34236bd3-4d8d-11e2-b8a5-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{34236bd3-4d8d-11e2-b8a5-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
    O33 - MountPoints2\{484009da-681e-11e2-88b1-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{484009da-681e-11e2-88b1-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
    O33 - MountPoints2\{7e2f24f1-7dce-11e3-a8e8-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{7e2f24f1-7dce-11e3-a8e8-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
    O33 - MountPoints2\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\Install.bat
    O33 - MountPoints2\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\Shell\setup\command - "" = I:\Install.bat
    O33 - MountPoints2\{a31a9dbc-14a0-11e3-89e3-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{a31a9dbc-14a0-11e3-89e3-842b2b8d82d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
    O33 - MountPoints2\{a37c25de-ddd9-11e2-b08e-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{a37c25de-ddd9-11e2-b08e-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\LGAutoRun.exe
    O33 - MountPoints2\{eb495fdf-2611-11e3-9a9c-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb495fdf-2611-11e3-9a9c-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\LGAutoRun.exe
    O33 - MountPoints2\{fba7bf44-06c3-11e2-ab83-842b2b8d82d6}\Shell - "" = AutoRun
    O33 - MountPoints2\{fba7bf44-06c3-11e2-ab83-842b2b8d82d6}\Shell\AutoRun\command - "" = I:\UEZLink.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe
    O33 - MountPoints2\J\Shell - "" = AutoRun
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\UEZLink.exe
    [2014/04/12 21:34:49 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\SupTab
    [2014/04/12 21:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
    [2014/04/12 21:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
    [2014/04/12 21:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
    [2014/04/12 21:34:33 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\v9
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    @Alternate Data Stream - 915 bytes -> C:\Users\Helen\AppData\Local\VfS03bxvy:tlgeGdI3qy8cc9mtybStv9j5
    @Alternate Data Stream - 1117 bytes -> C:\ProgramData\Microsoft:btWtSgua3x20VfwgYQV
    @Alternate Data Stream - 1089 bytes -> C:\Users\Helen\AppData\Local\Temp:36oknYKnqrHhWWcinbcDo5b
    @Alternate Data Stream - 1012 bytes -> C:\Users\Helen\AppData\Local\Temp:L1EkljNYvkZ7yfsk1mHNJKNIk
    @Alternate Data Stream - 1007 bytes -> C:\ProgramData\Microsoft:ZsmawYs6aiisayk7MzGBoiRDH0r
    
    :Files
    
    ipconfig /flushdns /c
    C:\ProgramData\WPM\wprotectmanager.exe
    C:\ProgramData\IePluginService\PluginService.exe
    C:\Users\Helen\AppData\Roaming\Search Protection\SearchProtection.EXE
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply to me please post:
  • The OTL Fix log after running the fix. You can find that log here: C:\_OTL\Moved Files. It may also just pop up in front of you.
  • New OTL Log after Quick Scan.
Thanks
Joe :)
  • 0

#7
pyroazmb

pyroazmb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

1)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Wpm stopped successfully!
Service Wpm deleted successfully!
C:\ProgramData\WPM\wprotectmanager.exe moved successfully.
Service IePluginService stopped successfully!
Service IePluginService deleted successfully!
C:\ProgramData\IePluginService\PluginService.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Prefs.js: "v9" removed from browser.search.defaultenginename
Prefs.js: "v9" removed from browser.search.selectedEngine
Prefs.js: "http://www.v9.com/?t....sd&t=340e50d9d" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.
File C:\Users\Helen\AppData\Roaming\Search Protection\SearchProtection.EXE not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Users\Helen\AppData\Roaming\uTorrent\uTorrent.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SupTab\SEARCH~2.DLL deleted successfully.
C:\Program Files (x86)\SupTab\SearchProtect64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SupTab\SEARCH~1.DLL deleted successfully.
C:\Program Files (x86)\SupTab\SearchProtect32.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03a5c1d4-5616-11e2-a5d0-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03a5c1d4-5616-11e2-a5d0-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03a5c1d4-5616-11e2-a5d0-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03a5c1d4-5616-11e2-a5d0-842b2b8d82d6}\ not found.
File I:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12670a08-8c58-11e3-81a0-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12670a08-8c58-11e3-81a0-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12670a08-8c58-11e3-81a0-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12670a08-8c58-11e3-81a0-842b2b8d82d6}\ not found.
File I:\LG_PC_Programs.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1783f9de-7fb1-11e2-9458-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1783f9de-7fb1-11e2-9458-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1783f9de-7fb1-11e2-9458-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1783f9de-7fb1-11e2-9458-842b2b8d82d6}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{239e151a-4c4d-11e3-bd60-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239e151a-4c4d-11e3-bd60-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{239e151a-4c4d-11e3-bd60-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239e151a-4c4d-11e3-bd60-842b2b8d82d6}\ not found.
File I:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26799c9c-5568-11e2-84c3-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26799c9c-5568-11e2-84c3-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26799c9c-5568-11e2-84c3-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26799c9c-5568-11e2-84c3-842b2b8d82d6}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34236bd3-4d8d-11e2-b8a5-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34236bd3-4d8d-11e2-b8a5-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34236bd3-4d8d-11e2-b8a5-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34236bd3-4d8d-11e2-b8a5-842b2b8d82d6}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{484009da-681e-11e2-88b1-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{484009da-681e-11e2-88b1-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{484009da-681e-11e2-88b1-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{484009da-681e-11e2-88b1-842b2b8d82d6}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e2f24f1-7dce-11e3-a8e8-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e2f24f1-7dce-11e3-a8e8-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e2f24f1-7dce-11e3-a8e8-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e2f24f1-7dce-11e3-a8e8-842b2b8d82d6}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\ not found.
File I:\Install.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e586f0e-696a-11e1-a679-842b2b8d82d6}\ not found.
File I:\Install.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a31a9dbc-14a0-11e3-89e3-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a31a9dbc-14a0-11e3-89e3-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a31a9dbc-14a0-11e3-89e3-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a31a9dbc-14a0-11e3-89e3-842b2b8d82d6}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a37c25de-ddd9-11e2-b08e-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a37c25de-ddd9-11e2-b08e-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a37c25de-ddd9-11e2-b08e-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a37c25de-ddd9-11e2-b08e-842b2b8d82d6}\ not found.
File I:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb495fdf-2611-11e3-9a9c-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb495fdf-2611-11e3-9a9c-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb495fdf-2611-11e3-9a9c-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb495fdf-2611-11e3-9a9c-842b2b8d82d6}\ not found.
File I:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fba7bf44-06c3-11e2-ab83-842b2b8d82d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fba7bf44-06c3-11e2-ab83-842b2b8d82d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fba7bf44-06c3-11e2-ab83-842b2b8d82d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fba7bf44-06c3-11e2-ab83-842b2b8d82d6}\ not found.
File I:\UEZLink.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\UEZLink.exe not found.
C:\Users\Helen\AppData\Roaming\SupTab folder moved successfully.
C:\ProgramData\IePluginService\update folder moved successfully.
C:\ProgramData\IePluginService folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\zh-TW folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\zh-CN folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\vi-VI folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\tr-TR folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\ru-MO folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\ru folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pt-BR folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pt folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pl folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\it-IT folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\it-CH folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-LU folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-FR folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-CH folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-CA folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-BE folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\es-ES folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\es-419 folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\en-US folder moved successfully.
C:\Program Files (x86)\SupTab\web\_locales folder moved successfully.
C:\Program Files (x86)\SupTab\web\js folder moved successfully.
C:\Program Files (x86)\SupTab\web\img\weather folder moved successfully.
C:\Program Files (x86)\SupTab\web\img folder moved successfully.
C:\Program Files (x86)\SupTab\web folder moved successfully.
C:\Program Files (x86)\SupTab folder moved successfully.
C:\ProgramData\WPM\update folder moved successfully.
C:\ProgramData\WPM\log folder moved successfully.
C:\ProgramData\WPM folder moved successfully.
C:\Users\Helen\AppData\Roaming\v9\log folder moved successfully.
C:\Users\Helen\AppData\Roaming\v9\images folder moved successfully.
C:\Users\Helen\AppData\Roaming\v9 folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
ADS C:\Users\Helen\AppData\Local\VfS03bxvy:tlgeGdI3qy8cc9mtybStv9j5 deleted successfully.
ADS C:\ProgramData\Microsoft:btWtSgua3x20VfwgYQV deleted successfully.
ADS C:\Users\Helen\AppData\Local\Temp:36oknYKnqrHhWWcinbcDo5b deleted successfully.
ADS C:\Users\Helen\AppData\Local\Temp:L1EkljNYvkZ7yfsk1mHNJKNIk deleted successfully.
ADS C:\ProgramData\Microsoft:ZsmawYs6aiisayk7MzGBoiRDH0r deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Helen\Desktop\cmd.bat deleted successfully.
C:\Users\Helen\Desktop\cmd.txt deleted successfully.
File\Folder C:\ProgramData\WPM\wprotectmanager.exe not found.
File\Folder C:\ProgramData\IePluginService\PluginService.exe not found.
File\Folder C:\Users\Helen\AppData\Roaming\Search Protection\SearchProtection.EXE not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Helen
->Temp folder emptied: 14851138734 bytes
->Temporary Internet Files folder emptied: 156428933 bytes
->Java cache emptied: 56340 bytes
->FireFox cache emptied: 436053883 bytes
->Google Chrome cache emptied: 387791635 bytes
->Flash cache emptied: 97785 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76375897 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101055 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 15,171.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.70.2 log created on 04152014_173830

Files\Folders moved on Reboot...
C:\Users\Helen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Helen\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2)

OTL logfile created on: 4/15/2014 5:52:58 PM - Run 2
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Helen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 73.02% Memory free
16.00 Gb Paging File | 13.78 Gb Available in Paging File | 86.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.20 Gb Total Space | 160.57 Gb Free Space | 35.43% Space Free | Partition Type: NTFS
 
Computer Name: PYROAZMB | User Name: Helen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/14 14:11:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
PRC - [2014/03/29 01:16:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/04 02:06:08 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
PRC - [2013/09/03 06:54:02 | 000,840,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/11 15:15:04 | 000,108,544 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/09/06 11:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 11:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/29 01:16:00 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/12 03:34:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:33:47 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\45f490388fbd195e201a1c46e3045086\PresentationFramework.ni.dll
MOD - [2014/02/12 03:33:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:33:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:33:26 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\473ff277c41d6fe614535a1f6102674a\PresentationCore.ni.dll
MOD - [2014/02/12 03:33:17 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:33:12 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:33:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 03:33:08 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:33:02 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/04 18:53:30 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 23:14:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/03/29 01:16:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 16:49:42 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/04 02:06:08 | 000,252,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe -- (ConvertFilesforFreeUpdt)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/12/20 16:16:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/21 12:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 12:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 20:55:48 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/16 06:35:58 | 000,054,400 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/10/28 18:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/28 18:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/09/01 23:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/03/31 20:08:06 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/09/30 23:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/27 13:44:48 | 000,392,712 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII)
DRV:64bit: - [2009/07/15 01:23:30 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{57913FED-86D6-4182-89B2-E68AEA0ABD81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{103215E5-63D5-4D84-AE58-43CAA2A30485}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{249EA421-8F3B-4786-8362-3064655120E1}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{B4837E54-7933-484D-BB87-D08F6E635936}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?t...sd&t=340e50d9d"
FF - prefs.js..extensions.enabledAddons: extension%40Convert_Files_for_Free.com:7.12
FF - prefs.js..extensions.enabledAddons: quick_start%40gmail.com:3.2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=714647&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Helen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Helen\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Helen\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/11/12 13:47:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/02/28 22:49:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 18:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\fnzt0wzi.default\extensions\[email protected] [2014/04/15 17:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\extension@Convert_Files_for_Free.com: C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com [2014/04/12 22:05:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 01:15:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 01:15:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/28 20:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Extensions
[2014/04/15 17:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\fnzt0wzi.default\extensions
[2014/04/15 17:50:06 | 000,000,000 | ---D | M] ("Quick Start") -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\fnzt0wzi.default\extensions\[email protected]
[2013/08/05 15:47:48 | 000,000,915 | ---- | M] () -- C:\Users\Helen\AppData\Roaming\mozilla\firefox\profiles\fnzt0wzi.default\searchplugins\yahoo.xml
[2014/03/29 01:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 01:16:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/12 22:05:17 | 000,000,000 | ---D | M] (ConvertFilesforFree) -- C:\PROGRAM FILES (X86)\CONVERT FILES FOR FREE\EXTENSION@CONVERT_FILES_FOR_FREE.COM
 
========== Chrome  ==========
 
CHR - default_search_provider: v9 (Enabled)
CHR - default_search_provider: search_url = http://search.v9.com...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.v9.com/?t...psd&t=340e50d9d
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Helen\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Helen\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Helen\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Helen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Invite All = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih\1.25_0\
CHR - Extension: avast! WebRep = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Poppit = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Click here to Select all friends = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pefbbnblngelpldjnnihgincocdpcgdn\5.1_0\
CHR - Extension: Quick Start = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\3.2.3_0\
 
O1 HOSTS File: ([2014/04/15 17:44:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll File not found
O2 - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Helen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB866F4-674E-4238-8ACD-13E587A87F43}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C5E0124-0AA9-4565-8C8C-519351CD646A}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E20B0E0-42F0-4025-AA5B-C8263114F87D}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F82CDEF-B537-47A5-80F9-FBC9E7F62C29}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99787CC4-9787-4BF0-B731-CD582FDDA68E}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5ACD1B4-78E9-4D70-83C3-E87B30AC3F7C}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA82412B-FD98-4004-8471-711CD7DEC234}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/15 17:38:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/14 14:11:11 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
[2014/04/12 22:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Helper
[2014/04/12 22:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convert Files for Free
[2014/04/12 21:33:49 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\Wise
[2014/04/11 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\Adobe Mini Bridge CS5.1
[2014/03/29 01:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/26 00:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/26 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/03/26 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/08/20 19:27:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Helen\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/15 17:53:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001UA.job
[2014/04/15 17:49:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/15 17:49:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/15 17:46:31 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/15 17:46:11 | 005,242,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/15 17:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/15 17:45:40 | 2146,676,735 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/15 17:44:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/15 17:34:43 | 000,002,372 | ---- | M] () -- C:\Users\Helen\Desktop\Google Chrome.lnk
[2014/04/15 17:34:43 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/15 17:34:42 | 000,001,443 | ---- | M] () -- C:\Users\Helen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/15 15:42:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001UA.job
[2014/04/15 15:30:41 | 000,048,638 | ---- | M] () -- C:\Users\Helen\Desktop\tur pic.jpg
[2014/04/15 15:26:02 | 007,002,241 | ---- | M] () -- C:\Users\Helen\Desktop\AZMADE ROMAN.psd
[2014/04/15 15:19:21 | 009,142,856 | ---- | M] () -- C:\Users\Helen\Desktop\the trendsetterz thotties.mp3
[2014/04/15 15:08:57 | 002,215,493 | ---- | M] () -- C:\Users\Helen\Desktop\azmb drip turquoise.eps
[2014/04/15 15:08:22 | 002,522,766 | ---- | M] () -- C:\Users\Helen\Desktop\azmb drip white.eps
[2014/04/15 15:04:00 | 000,199,481 | ---- | M] () -- C:\Users\Helen\Desktop\boss life.jpg
[2014/04/15 14:56:15 | 000,023,794 | ---- | M] () -- C:\Users\Helen\Desktop\adeezy.jpg
[2014/04/15 14:54:28 | 000,504,917 | ---- | M] () -- C:\Users\Helen\Desktop\az4.jpg
[2014/04/15 14:50:45 | 000,498,659 | ---- | M] () -- C:\Users\Helen\Desktop\az3.jpg
[2014/04/15 14:37:01 | 000,494,024 | ---- | M] () -- C:\Users\Helen\Desktop\az2.jpg
[2014/04/15 14:23:33 | 000,401,286 | ---- | M] () -- C:\Users\Helen\Desktop\AZ1.jpg
[2014/04/15 13:50:35 | 000,301,963 | ---- | M] () -- C:\Users\Helen\Desktop\drip.jpg
[2014/04/15 13:49:23 | 000,262,335 | ---- | M] () -- C:\Users\Helen\Desktop\rollysroyce-mock-real.jpg
[2014/04/15 12:27:06 | 004,025,419 | ---- | M] () -- C:\Users\Helen\Desktop\[bleep] A [bleep] Dirty Dan.mp3
[2014/04/15 12:07:13 | 000,046,161 | ---- | M] () -- C:\Users\Helen\Desktop\guero p.jpg
[2014/04/15 11:17:47 | 000,497,783 | ---- | M] () -- C:\Users\Helen\Desktop\AZ DRIP.jpg
[2014/04/15 03:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001Core.job
[2014/04/15 00:42:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001Core.job
[2014/04/14 19:35:22 | 002,558,335 | ---- | M] () -- C:\Users\Helen\Desktop\leo flyer.jpg
[2014/04/14 18:57:28 | 000,055,595 | ---- | M] () -- C:\Users\Helen\Desktop\Serpentine-Bold-Bold.ttf
[2014/04/14 16:53:52 | 004,360,747 | ---- | M] () -- C:\Users\Helen\Desktop\Alphounce Wolf.jpg
[2014/04/14 16:51:12 | 004,771,160 | ---- | M] () -- C:\Users\Helen\Desktop\leo.psd
[2014/04/14 15:21:32 | 000,089,993 | ---- | M] () -- C:\Users\Helen\Desktop\Xpert Pole.jpg
[2014/04/14 15:16:58 | 000,063,366 | ---- | M] () -- C:\Users\Helen\Desktop\leo.jpg
[2014/04/14 15:16:42 | 000,136,033 | ---- | M] () -- C:\Users\Helen\Desktop\hannn.jpg
[2014/04/14 14:11:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
[2014/04/14 12:37:47 | 003,842,935 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE white.eps
[2014/04/14 12:35:45 | 002,337,926 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE gold.eps
[2014/04/14 12:32:28 | 096,086,399 | ---- | M] () -- C:\Users\Helen\Desktop\PYRO & DIRTY FOXS 4-13-14.wmv
[2014/04/14 12:32:28 | 000,269,776 | ---- | M] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3.sfk
[2014/04/14 12:32:28 | 000,064,656 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs.mp4.sfk
[2014/04/14 12:32:28 | 000,042,880 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4.sfk
[2014/04/14 11:58:22 | 002,755,999 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4
[2014/04/14 11:57:52 | 004,137,157 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs.mp4
[2014/04/13 20:48:30 | 011,977,510 | ---- | M] () -- C:\Users\Helen\Desktop\Dumptruck Show Set.mp3
[2014/04/13 17:57:22 | 007,828,438 | ---- | M] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3
[2014/04/13 17:46:09 | 010,802,833 | ---- | M] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.psd
[2014/04/13 17:44:28 | 000,727,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/13 17:44:28 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/13 17:44:28 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/13 15:48:35 | 000,643,949 | ---- | M] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.jpg
[2014/04/13 14:51:54 | 000,173,242 | ---- | M] () -- C:\Users\Helen\Desktop\FIREEE.jpg
[2014/04/13 14:47:47 | 000,169,280 | ---- | M] () -- C:\Users\Helen\Desktop\FIRE2.jpg
[2014/04/13 14:46:20 | 000,165,681 | ---- | M] () -- C:\Users\Helen\Desktop\FIRE.jpg
[2014/04/13 13:26:41 | 000,018,136 | ---- | M] () -- C:\Users\Helen\Desktop\belaire.jpeg
[2014/04/13 13:26:10 | 000,024,765 | ---- | M] () -- C:\Users\Helen\Desktop\ace.jpg
[2014/04/13 13:22:50 | 001,380,112 | ---- | M] () -- C:\Users\Helen\Desktop\flipp promo.jpg
[2014/04/13 13:07:15 | 001,687,379 | ---- | M] () -- C:\Users\Helen\Desktop\black-background-paisley.jpg
[2014/04/13 12:03:24 | 000,189,304 | ---- | M] () -- C:\Users\Helen\Desktop\22.JPG
[2014/04/13 11:51:21 | 000,514,427 | ---- | M] () -- C:\Users\Helen\Desktop\Problem-Understand-Me-EP-Artwork.jpg
[2014/04/13 11:03:01 | 002,166,378 | ---- | M] () -- C:\Users\Helen\Desktop\pyro dirty dan.mp4
[2014/04/12 22:05:20 | 000,000,002 | ---- | M] () -- C:\END
[2014/04/12 22:03:35 | 002,260,640 | ---- | M] () -- C:\Users\Helen\Desktop\Step.Brothers.Extended.Edition.2008.1080p.BRRip.x264.AC3-Kay.exe
[2014/04/12 20:59:33 | 004,547,032 | ---- | M] () -- C:\Users\Helen\Desktop\All i know Ruff.mp3
[2014/04/12 18:22:01 | 000,227,998 | ---- | M] () -- C:\Users\Helen\Desktop\MOMS CAKE.jpeg
[2014/04/12 17:52:20 | 001,276,797 | ---- | M] () -- C:\Users\Helen\Desktop\CLAUDIA-PERFECTION-IN-TIGHT-LEATHER-BY-BOSSMANZHE-psd99875.psd
[2014/04/12 17:50:50 | 001,478,037 | ---- | M] () -- C:\Users\Helen\Desktop\CLAUDIA-SPECIAL-POST-BY-BOSSMANZHENKOR-ARTS-psd99874.psd
[2014/04/12 14:29:27 | 001,111,358 | ---- | M] () -- C:\Users\Helen\Desktop\stoney.jpg
[2014/04/11 22:00:02 | 011,279,124 | ---- | M] () -- C:\Users\Helen\Desktop\flipp promo.psd
[2014/04/11 21:39:48 | 000,449,166 | ---- | M] () -- C:\Users\Helen\Desktop\LongBeachSunset_RonniePittman_Flickr_03272012.jpg
[2014/04/11 21:36:25 | 000,131,113 | ---- | M] () -- C:\Users\Helen\Desktop\Long-Beach-Cityscape.jpg
[2014/04/11 21:20:35 | 000,452,546 | ---- | M] () -- C:\Users\Helen\Desktop\nast.jpg
[2014/04/11 18:20:55 | 000,153,520 | ---- | M] () -- C:\Users\Helen\Desktop\problem 2.jpg
[2014/04/11 17:14:22 | 000,512,992 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.jpg
[2014/04/11 17:08:03 | 002,821,953 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.psd
[2014/04/11 16:03:23 | 000,324,174 | ---- | M] () -- C:\Users\Helen\Desktop\AZMB.jpg
[2014/04/11 14:37:35 | 000,112,465 | ---- | M] () -- C:\Users\Helen\Desktop\problem.jpg
[2014/04/11 12:45:53 | 000,067,692 | ---- | M] () -- C:\Users\Helen\Desktop\fn main.jpg
[2014/04/11 12:44:34 | 000,006,119 | ---- | M] () -- C:\Users\Helen\Desktop\fn7.jpg
[2014/04/11 12:44:21 | 000,055,395 | ---- | M] () -- C:\Users\Helen\Desktop\fn6.jpg
[2014/04/11 12:44:10 | 000,051,830 | ---- | M] () -- C:\Users\Helen\Desktop\fn5.jpg
[2014/04/11 12:44:01 | 000,042,316 | ---- | M] () -- C:\Users\Helen\Desktop\fn3.jpg
[2014/04/11 12:43:54 | 000,041,051 | ---- | M] () -- C:\Users\Helen\Desktop\fn2.jpg
[2014/04/11 12:43:45 | 000,034,485 | ---- | M] () -- C:\Users\Helen\Desktop\fn.jpg
[2014/04/10 22:22:17 | 000,044,329 | ---- | M] () -- C:\Users\Helen\Desktop\ratchet.jpg
[2014/04/10 20:45:21 | 010,335,084 | ---- | M] () -- C:\Users\Helen\Desktop\Young N Fly - The Mood Lease.mp3
[2014/04/09 21:45:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 21:45:47 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/09 16:59:03 | 004,081,040 | ---- | M] () -- C:\Users\Helen\Desktop\PYRO UPCOMING.psd
[2014/04/09 11:38:47 | 000,077,287 | ---- | M] () -- C:\Users\Helen\Desktop\ab.jpg
[2014/04/08 17:47:05 | 001,152,746 | ---- | M] () -- C:\Users\Helen\Desktop\street saints.psd
[2014/04/08 16:59:51 | 000,006,103 | ---- | M] () -- C:\Users\Helen\Desktop\jumbo.png
[2014/04/08 16:29:58 | 000,175,249 | ---- | M] () -- C:\Users\Helen\Desktop\ASU.jpg
[2014/04/08 15:47:17 | 001,697,776 | ---- | M] () -- C:\Users\Helen\Desktop\playboi cover2.jpg
[2014/04/08 15:47:11 | 028,924,674 | ---- | M] () -- C:\Users\Helen\Desktop\playboi cover2.psd
[2014/04/08 03:16:00 | 001,077,359 | ---- | M] () -- C:\Users\Helen\Desktop\dopee pyro.mp3
[2014/04/07 17:03:32 | 000,279,499 | ---- | M] () -- C:\Users\Helen\Desktop\ali.jpg
[2014/04/07 16:18:09 | 017,050,231 | ---- | M] () -- C:\Users\Helen\Desktop\playboi cover.psd
[2014/04/07 15:51:54 | 004,296,358 | ---- | M] () -- C:\Users\Helen\Desktop\b roy.jpg
[2014/04/07 15:50:41 | 000,787,672 | ---- | M] () -- C:\Users\Helen\Desktop\420 flyer.jpg
[2014/04/07 15:50:33 | 009,720,636 | ---- | M] () -- C:\Users\Helen\Desktop\420 flyer.psd
[2014/04/07 15:38:56 | 000,043,487 | ---- | M] () -- C:\Users\Helen\Desktop\fbe 2.jpg
[2014/04/07 15:36:51 | 000,267,413 | ---- | M] () -- C:\Users\Helen\Desktop\fbe logo.png
[2014/04/07 15:36:50 | 000,000,132 | ---- | M] () -- C:\Users\Helen\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/04/07 15:01:59 | 000,060,090 | ---- | M] () -- C:\Users\Helen\Desktop\YS33.jpg
[2014/04/07 15:01:33 | 000,044,020 | ---- | M] () -- C:\Users\Helen\Desktop\CASTRO.jpg
[2014/04/07 14:56:43 | 000,016,743 | ---- | M] () -- C:\Users\Helen\Desktop\rednose.jpg
[2014/04/07 14:34:32 | 001,111,133 | ---- | M] () -- C:\Users\Helen\Desktop\stoney logo.jpg
[2014/04/07 14:29:27 | 004,355,723 | ---- | M] () -- C:\Users\Helen\Desktop\AHCM The Bizzness.jpg
[2014/04/07 14:17:42 | 004,299,305 | ---- | M] () -- C:\Users\Helen\Desktop\ACHM.jpg
[2014/04/07 14:14:44 | 004,340,791 | ---- | M] () -- C:\Users\Helen\Desktop\Big Vic & Envy.jpg
[2014/04/07 14:14:17 | 004,340,495 | ---- | M] () -- C:\Users\Helen\Desktop\Chalie Mack.jpg
[2014/04/07 14:11:40 | 004,324,211 | ---- | M] () -- C:\Users\Helen\Desktop\Big Goob.jpg
[2014/04/07 14:11:18 | 004,287,034 | ---- | M] () -- C:\Users\Helen\Desktop\JRE.jpg
[2014/04/07 14:10:12 | 004,358,127 | ---- | M] () -- C:\Users\Helen\Desktop\Brad Thompson.jpg
[2014/04/07 14:09:46 | 004,356,323 | ---- | M] () -- C:\Users\Helen\Desktop\Deezo Fatsaxx.jpg
[2014/04/07 13:24:52 | 000,026,661 | ---- | M] () -- C:\Users\Helen\Desktop\ys3.jpg
[2014/04/07 13:24:41 | 000,059,706 | ---- | M] () -- C:\Users\Helen\Desktop\riko.jpg
[2014/04/07 13:22:01 | 000,032,843 | ---- | M] () -- C:\Users\Helen\Desktop\double.jpg
[2014/04/07 11:14:08 | 000,118,028 | ---- | M] () -- C:\Users\Helen\Desktop\gfx.jpg
[2014/04/05 22:16:24 | 000,237,492 | ---- | M] () -- C:\Users\Helen\Desktop\IMG_8782.JPG
[2014/04/05 22:13:20 | 000,220,884 | ---- | M] () -- C:\Users\Helen\Desktop\IMG_8775.JPG
[2014/04/05 22:11:47 | 000,074,109 | ---- | M] () -- C:\Users\Helen\Desktop\ys.jpg
[2014/04/05 21:31:50 | 000,149,589 | ---- | M] () -- C:\Users\Helen\Desktop\we.png
[2014/04/05 20:57:42 | 000,057,572 | ---- | M] () -- C:\Users\Helen\Desktop\ciroc-peach.jpg
[2014/04/05 20:42:33 | 000,560,676 | ---- | M] () -- C:\Users\Helen\Desktop\weedplant-482554.jpeg
[2014/04/05 20:22:53 | 000,621,649 | ---- | M] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWERback.jpg
[2014/04/05 20:22:45 | 010,767,744 | ---- | M] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.psd
[2014/04/05 19:12:37 | 000,579,820 | ---- | M] () -- C:\Users\Helen\Desktop\ddct default.jpg
[2014/04/05 13:19:03 | 000,347,856 | ---- | M] () -- C:\Users\Helen\Desktop\hot-air-balloons-at-sunset-images-photos-0322125523.jpg
[2014/04/04 19:36:03 | 000,086,997 | ---- | M] () -- C:\Users\Helen\Desktop\Problem_lowres.jpg
[2014/04/03 13:35:29 | 000,806,538 | ---- | M] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.jpg
[2014/04/03 12:14:20 | 000,418,249 | ---- | M] () -- C:\Users\Helen\Desktop\despicable_me_2_minions-1920x1080.jpg
[2014/04/02 19:40:46 | 000,118,761 | ---- | M] () -- C:\Users\Helen\Desktop\ma.jpg
[2014/04/02 19:27:37 | 000,142,043 | ---- | M] () -- C:\Users\Helen\Desktop\BOXING-GLOVES-JY9103.jpg
[2014/04/02 19:26:11 | 000,113,680 | ---- | M] () -- C:\Users\Helen\Desktop\boxing-ring.jpg
[2014/04/02 17:39:26 | 000,047,880 | ---- | M] () -- C:\Users\Helen\Desktop\treez.jpg
[2014/04/02 17:27:20 | 000,816,682 | ---- | M] () -- C:\Users\Helen\Desktop\G2G.jpg
[2014/04/02 16:44:43 | 000,184,768 | ---- | M] () -- C:\Users\Helen\Desktop\AZ MADE CLOTHING SEAL.jpg
[2014/04/02 11:13:27 | 000,085,384 | ---- | M] () -- C:\Users\Helen\Desktop\ckorey blunt.jpg
[2014/04/02 11:13:07 | 000,136,120 | ---- | M] () -- C:\Users\Helen\Desktop\marcelino.jpg
[2014/04/01 19:50:20 | 003,722,020 | ---- | M] () -- C:\Users\Helen\Desktop\CINCO UPDATED.jpg
[2014/04/01 17:14:37 | 000,110,201 | ---- | M] () -- C:\Users\Helen\Desktop\crown.jpg
[2014/04/01 16:29:08 | 000,139,047 | ---- | M] () -- C:\Users\Helen\Desktop\cinco tickets.jpg
[2014/04/01 02:08:07 | 000,430,595 | ---- | M] () -- C:\Users\Helen\Desktop\fb default.jpg
[2014/03/30 18:27:54 | 000,448,348 | ---- | M] () -- C:\Users\Helen\Desktop\Scan0005.jpg
[2014/03/30 18:24:00 | 000,349,255 | ---- | M] () -- C:\Users\Helen\Desktop\Scan0004.jpg
[2014/03/30 11:13:05 | 003,164,995 | ---- | M] () -- C:\Users\Helen\Desktop\lucky ft pyro - believe me.mp3
[2014/03/30 10:42:33 | 011,548,039 | ---- | M] () -- C:\Users\Helen\Desktop\believe me.mp3
[2014/03/28 17:06:44 | 000,042,679 | ---- | M] () -- C:\Users\Helen\Desktop\SKI.jpg
[2014/03/28 16:48:20 | 000,213,526 | ---- | M] () -- C:\Users\Helen\Desktop\AZMADE CINCO.jpg
[2014/03/26 00:10:00 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/25 11:39:29 | 000,154,792 | ---- | M] () -- C:\Users\Helen\Desktop\slim dk.jpg
[2014/03/24 17:10:06 | 000,262,545 | ---- | M] () -- C:\Users\Helen\Desktop\AZNVD.jpg
[2014/03/24 16:56:50 | 000,021,518 | ---- | M] () -- C:\Users\Helen\Desktop\LIPS.png
[2014/03/22 15:18:22 | 008,715,694 | ---- | M] () -- C:\Users\Helen\Desktop\RICANDTHADEUS LEARN LIFE LEASE.mp3
[2014/03/21 19:59:56 | 000,050,538 | ---- | M] () -- C:\Users\Helen\Desktop\JME.jpg
[2014/03/21 19:03:51 | 002,105,566 | ---- | M] () -- C:\Users\Helen\Desktop\dirty promo.jpg
[2014/03/21 13:49:57 | 000,259,830 | ---- | M] () -- C:\Users\Helen\Desktop\banner ddct.jpg
[2014/03/20 17:26:54 | 000,925,685 | ---- | M] () -- C:\Users\Helen\Desktop\SHARES.jpg
[2014/03/19 20:00:19 | 000,057,583 | ---- | M] () -- C:\Users\Helen\Desktop\vvvv.jpg
[2014/03/19 19:42:49 | 000,073,661 | ---- | M] () -- C:\Users\Helen\Desktop\chopper AZMB.jpg
[2014/03/18 19:18:45 | 005,415,473 | ---- | M] () -- C:\Users\Helen\Desktop\no wack acts.jpg
[2014/03/18 12:41:41 | 008,009,431 | ---- | M] () -- C:\Users\Helen\Desktop\KNOW DAT HOOK.mp3
 
========== Files Created - No Company Name ==========
 
[2014/04/15 15:30:22 | 000,048,638 | ---- | C] () -- C:\Users\Helen\Desktop\tur pic.jpg
[2014/04/15 15:19:05 | 009,142,856 | ---- | C] () -- C:\Users\Helen\Desktop\the trendsetterz thotties.mp3
[2014/04/15 15:08:55 | 002,215,493 | ---- | C] () -- C:\Users\Helen\Desktop\azmb drip turquoise.eps
[2014/04/15 15:08:21 | 002,522,766 | ---- | C] () -- C:\Users\Helen\Desktop\azmb drip white.eps
[2014/04/15 15:03:59 | 000,199,481 | ---- | C] () -- C:\Users\Helen\Desktop\boss life.jpg
[2014/04/15 14:57:06 | 007,002,241 | ---- | C] () -- C:\Users\Helen\Desktop\AZMADE ROMAN.psd
[2014/04/15 14:56:15 | 000,023,794 | ---- | C] () -- C:\Users\Helen\Desktop\adeezy.jpg
[2014/04/15 14:54:27 | 000,504,917 | ---- | C] () -- C:\Users\Helen\Desktop\az4.jpg
[2014/04/15 14:50:44 | 000,498,659 | ---- | C] () -- C:\Users\Helen\Desktop\az3.jpg
[2014/04/15 14:37:00 | 000,494,024 | ---- | C] () -- C:\Users\Helen\Desktop\az2.jpg
[2014/04/15 14:23:32 | 000,401,286 | ---- | C] () -- C:\Users\Helen\Desktop\AZ1.jpg
[2014/04/15 13:50:34 | 000,301,963 | ---- | C] () -- C:\Users\Helen\Desktop\drip.jpg
[2014/04/15 13:49:23 | 000,262,335 | ---- | C] () -- C:\Users\Helen\Desktop\rollysroyce-mock-real.jpg
[2014/04/15 12:27:05 | 004,025,419 | ---- | C] () -- C:\Users\Helen\Desktop\[bleep] A [bleep] Dirty Dan.mp3
[2014/04/15 12:07:13 | 000,046,161 | ---- | C] () -- C:\Users\Helen\Desktop\guero p.jpg
[2014/04/15 11:17:46 | 000,497,783 | ---- | C] () -- C:\Users\Helen\Desktop\AZ DRIP.jpg
[2014/04/14 19:35:19 | 002,558,335 | ---- | C] () -- C:\Users\Helen\Desktop\leo flyer.jpg
[2014/04/14 18:57:32 | 000,055,595 | ---- | C] () -- C:\Users\Helen\Desktop\Serpentine-Bold-Bold.ttf
[2014/04/14 18:43:03 | 000,896,748 | ---- | C] () -- C:\Users\Helen\Desktop\---Mia-Troche-psd83172.psd
[2014/04/14 16:53:46 | 004,360,747 | ---- | C] () -- C:\Users\Helen\Desktop\Alphounce Wolf.jpg
[2014/04/14 15:24:03 | 004,771,160 | ---- | C] () -- C:\Users\Helen\Desktop\leo.psd
[2014/04/14 15:21:32 | 000,089,993 | ---- | C] () -- C:\Users\Helen\Desktop\Xpert Pole.jpg
[2014/04/14 15:16:58 | 000,063,366 | ---- | C] () -- C:\Users\Helen\Desktop\leo.jpg
[2014/04/14 15:16:41 | 000,136,033 | ---- | C] () -- C:\Users\Helen\Desktop\hannn.jpg
[2014/04/14 13:19:30 | 001,478,037 | ---- | C] () -- C:\Users\Helen\Desktop\CLAUDIA-SPECIAL-POST-BY-BOSSMANZHENKOR-ARTS-psd99874.psd
[2014/04/14 13:18:30 | 001,276,797 | ---- | C] () -- C:\Users\Helen\Desktop\CLAUDIA-PERFECTION-IN-TIGHT-LEATHER-BY-BOSSMANZHE-psd99875.psd
[2014/04/14 12:37:46 | 003,842,935 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE white.eps
[2014/04/14 12:35:41 | 002,337,926 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE gold.eps
[2014/04/14 12:19:56 | 096,086,399 | ---- | C] () -- C:\Users\Helen\Desktop\PYRO & DIRTY FOXS 4-13-14.wmv
[2014/04/14 12:08:38 | 000,269,776 | ---- | C] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3.sfk
[2014/04/14 12:07:48 | 000,042,880 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4.sfk
[2014/04/14 12:07:42 | 000,064,656 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs.mp4.sfk
[2014/04/14 11:58:19 | 002,755,999 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4
[2014/04/14 11:57:51 | 004,137,157 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs.mp4
[2014/04/13 20:48:25 | 011,977,510 | ---- | C] () -- C:\Users\Helen\Desktop\Dumptruck Show Set.mp3
[2014/04/13 17:57:09 | 007,828,438 | ---- | C] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3
[2014/04/13 15:28:59 | 000,643,949 | ---- | C] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.jpg
[2014/04/13 14:51:54 | 000,173,242 | ---- | C] () -- C:\Users\Helen\Desktop\FIREEE.jpg
[2014/04/13 14:47:47 | 000,169,280 | ---- | C] () -- C:\Users\Helen\Desktop\FIRE2.jpg
[2014/04/13 14:46:20 | 000,165,681 | ---- | C] () -- C:\Users\Helen\Desktop\FIRE.jpg
[2014/04/13 13:26:41 | 000,018,136 | ---- | C] () -- C:\Users\Helen\Desktop\belaire.jpeg
[2014/04/13 13:26:10 | 000,024,765 | ---- | C] () -- C:\Users\Helen\Desktop\ace.jpg
[2014/04/13 13:07:14 | 001,687,379 | ---- | C] () -- C:\Users\Helen\Desktop\black-background-paisley.jpg
[2014/04/13 12:58:49 | 010,802,833 | ---- | C] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.psd
[2014/04/13 12:03:26 | 000,189,304 | ---- | C] () -- C:\Users\Helen\Desktop\22.JPG
[2014/04/13 11:51:20 | 000,514,427 | ---- | C] () -- C:\Users\Helen\Desktop\Problem-Understand-Me-EP-Artwork.jpg
[2014/04/13 11:00:04 | 002,166,378 | ---- | C] () -- C:\Users\Helen\Desktop\pyro dirty dan.mp4
[2014/04/12 22:05:16 | 000,000,002 | ---- | C] () -- C:\END
[2014/04/12 22:03:35 | 002,260,640 | ---- | C] () -- C:\Users\Helen\Desktop\Step.Brothers.Extended.Edition.2008.1080p.BRRip.x264.AC3-Kay.exe
[2014/04/12 20:59:35 | 004,547,032 | ---- | C] () -- C:\Users\Helen\Desktop\All i know Ruff.mp3
[2014/04/12 18:22:01 | 000,227,998 | ---- | C] () -- C:\Users\Helen\Desktop\MOMS CAKE.jpeg
[2014/04/12 14:29:25 | 001,111,358 | ---- | C] () -- C:\Users\Helen\Desktop\stoney.jpg
[2014/04/11 22:00:06 | 001,380,112 | ---- | C] () -- C:\Users\Helen\Desktop\flipp promo.jpg
[2014/04/11 21:39:47 | 000,449,166 | ---- | C] () -- C:\Users\Helen\Desktop\LongBeachSunset_RonniePittman_Flickr_03272012.jpg
[2014/04/11 21:36:25 | 000,131,113 | ---- | C] () -- C:\Users\Helen\Desktop\Long-Beach-Cityscape.jpg
[2014/04/11 21:20:35 | 000,452,546 | ---- | C] () -- C:\Users\Helen\Desktop\nast.jpg
[2014/04/11 17:14:20 | 000,512,992 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.jpg
[2014/04/11 16:35:51 | 002,821,953 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.psd
[2014/04/11 16:03:27 | 000,324,174 | ---- | C] () -- C:\Users\Helen\Desktop\AZMB.jpg
[2014/04/11 14:37:41 | 000,153,520 | ---- | C] () -- C:\Users\Helen\Desktop\problem 2.jpg
[2014/04/11 14:37:35 | 000,112,465 | ---- | C] () -- C:\Users\Helen\Desktop\problem.jpg
[2014/04/11 13:30:09 | 011,279,124 | ---- | C] () -- C:\Users\Helen\Desktop\flipp promo.psd
[2014/04/11 12:45:52 | 000,067,692 | ---- | C] () -- C:\Users\Helen\Desktop\fn main.jpg
[2014/04/11 12:44:34 | 000,006,119 | ---- | C] () -- C:\Users\Helen\Desktop\fn7.jpg
[2014/04/11 12:44:20 | 000,055,395 | ---- | C] () -- C:\Users\Helen\Desktop\fn6.jpg
[2014/04/11 12:44:10 | 000,051,830 | ---- | C] () -- C:\Users\Helen\Desktop\fn5.jpg
[2014/04/11 12:44:01 | 000,042,316 | ---- | C] () -- C:\Users\Helen\Desktop\fn3.jpg
[2014/04/11 12:43:54 | 000,041,051 | ---- | C] () -- C:\Users\Helen\Desktop\fn2.jpg
[2014/04/11 12:43:45 | 000,034,485 | ---- | C] () -- C:\Users\Helen\Desktop\fn.jpg
[2014/04/10 22:22:16 | 000,044,329 | ---- | C] () -- C:\Users\Helen\Desktop\ratchet.jpg
[2014/04/10 20:45:03 | 010,335,084 | ---- | C] () -- C:\Users\Helen\Desktop\Young N Fly - The Mood Lease.mp3
[2014/04/09 11:38:47 | 000,077,287 | ---- | C] () -- C:\Users\Helen\Desktop\ab.jpg
[2014/04/08 17:46:09 | 001,152,746 | ---- | C] () -- C:\Users\Helen\Desktop\street saints.psd
[2014/04/08 16:59:51 | 000,006,103 | ---- | C] () -- C:\Users\Helen\Desktop\jumbo.png
[2014/04/08 16:29:58 | 000,175,249 | ---- | C] () -- C:\Users\Helen\Desktop\ASU.jpg
[2014/04/08 15:47:16 | 001,697,776 | ---- | C] () -- C:\Users\Helen\Desktop\playboi cover2.jpg
[2014/04/08 03:16:02 | 001,077,359 | ---- | C] () -- C:\Users\Helen\Desktop\dopee pyro.mp3
[2014/04/07 17:03:18 | 000,279,499 | ---- | C] () -- C:\Users\Helen\Desktop\ali.jpg
[2014/04/07 16:18:14 | 028,924,674 | ---- | C] () -- C:\Users\Helen\Desktop\playboi cover2.psd
[2014/04/07 15:51:47 | 004,296,358 | ---- | C] () -- C:\Users\Helen\Desktop\b roy.jpg
[2014/04/07 15:38:56 | 000,043,487 | ---- | C] () -- C:\Users\Helen\Desktop\fbe 2.jpg
[2014/04/07 15:36:48 | 000,267,413 | ---- | C] () -- C:\Users\Helen\Desktop\fbe logo.png
[2014/04/07 15:01:59 | 000,060,090 | ---- | C] () -- C:\Users\Helen\Desktop\YS33.jpg
[2014/04/07 15:01:33 | 000,044,020 | ---- | C] () -- C:\Users\Helen\Desktop\CASTRO.jpg
[2014/04/07 14:56:43 | 000,016,743 | ---- | C] () -- C:\Users\Helen\Desktop\rednose.jpg
[2014/04/07 14:34:29 | 001,111,133 | ---- | C] () -- C:\Users\Helen\Desktop\stoney logo.jpg
[2014/04/07 14:29:20 | 004,355,723 | ---- | C] () -- C:\Users\Helen\Desktop\AHCM The Bizzness.jpg
[2014/04/07 14:17:36 | 004,299,305 | ---- | C] () -- C:\Users\Helen\Desktop\ACHM.jpg
[2014/04/07 14:14:37 | 004,340,791 | ---- | C] () -- C:\Users\Helen\Desktop\Big Vic & Envy.jpg
[2014/04/07 14:14:11 | 004,340,495 | ---- | C] () -- C:\Users\Helen\Desktop\Chalie Mack.jpg
[2014/04/07 14:11:33 | 004,324,211 | ---- | C] () -- C:\Users\Helen\Desktop\Big Goob.jpg
[2014/04/07 14:11:12 | 004,287,034 | ---- | C] () -- C:\Users\Helen\Desktop\JRE.jpg
[2014/04/07 14:10:05 | 004,358,127 | ---- | C] () -- C:\Users\Helen\Desktop\Brad Thompson.jpg
[2014/04/07 14:09:38 | 004,356,323 | ---- | C] () -- C:\Users\Helen\Desktop\Deezo Fatsaxx.jpg
[2014/04/07 13:24:52 | 000,026,661 | ---- | C] () -- C:\Users\Helen\Desktop\ys3.jpg
[2014/04/07 13:24:41 | 000,059,706 | ---- | C] () -- C:\Users\Helen\Desktop\riko.jpg
[2014/04/07 13:22:01 | 000,032,843 | ---- | C] () -- C:\Users\Helen\Desktop\double.jpg
[2014/04/07 11:14:07 | 000,118,028 | ---- | C] () -- C:\Users\Helen\Desktop\gfx.jpg
[2014/04/05 22:16:28 | 000,237,492 | ---- | C] () -- C:\Users\Helen\Desktop\IMG_8782.JPG
[2014/04/05 22:13:22 | 000,220,884 | ---- | C] () -- C:\Users\Helen\Desktop\IMG_8775.JPG
[2014/04/05 22:11:47 | 000,074,109 | ---- | C] () -- C:\Users\Helen\Desktop\ys.jpg
[2014/04/05 21:48:52 | 000,787,672 | ---- | C] () -- C:\Users\Helen\Desktop\420 flyer.jpg
[2014/04/05 21:31:50 | 000,149,589 | ---- | C] () -- C:\Users\Helen\Desktop\we.png
[2014/04/05 21:05:28 | 009,720,636 | ---- | C] () -- C:\Users\Helen\Desktop\420 flyer.psd
[2014/04/05 20:57:42 | 000,057,572 | ---- | C] () -- C:\Users\Helen\Desktop\ciroc-peach.jpg
[2014/04/05 20:42:33 | 000,560,676 | ---- | C] () -- C:\Users\Helen\Desktop\weedplant-482554.jpeg
[2014/04/05 20:10:53 | 000,621,649 | ---- | C] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWERback.jpg
[2014/04/05 19:12:36 | 000,579,820 | ---- | C] () -- C:\Users\Helen\Desktop\ddct default.jpg
[2014/04/05 13:19:03 | 000,347,856 | ---- | C] () -- C:\Users\Helen\Desktop\hot-air-balloons-at-sunset-images-photos-0322125523.jpg
[2014/04/04 21:48:19 | 004,081,040 | ---- | C] () -- C:\Users\Helen\Desktop\PYRO UPCOMING.psd
[2014/04/04 19:36:03 | 000,086,997 | ---- | C] () -- C:\Users\Helen\Desktop\Problem_lowres.jpg
[2014/04/03 13:35:28 | 000,806,538 | ---- | C] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.jpg
[2014/04/03 12:45:07 | 010,767,744 | ---- | C] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.psd
[2014/04/03 12:14:20 | 000,418,249 | ---- | C] () -- C:\Users\Helen\Desktop\despicable_me_2_minions-1920x1080.jpg
[2014/04/02 19:40:46 | 000,118,761 | ---- | C] () -- C:\Users\Helen\Desktop\ma.jpg
[2014/04/02 19:31:00 | 017,050,231 | ---- | C] () -- C:\Users\Helen\Desktop\playboi cover.psd
[2014/04/02 19:27:36 | 000,142,043 | ---- | C] () -- C:\Users\Helen\Desktop\BOXING-GLOVES-JY9103.jpg
[2014/04/02 19:26:11 | 000,113,680 | ---- | C] () -- C:\Users\Helen\Desktop\boxing-ring.jpg
[2014/04/02 17:39:26 | 000,047,880 | ---- | C] () -- C:\Users\Helen\Desktop\treez.jpg
[2014/04/02 17:27:18 | 000,816,682 | ---- | C] () -- C:\Users\Helen\Desktop\G2G.jpg
[2014/04/02 16:44:12 | 000,184,768 | ---- | C] () -- C:\Users\Helen\Desktop\AZ MADE CLOTHING SEAL.jpg
[2014/04/02 11:13:27 | 000,085,384 | ---- | C] () -- C:\Users\Helen\Desktop\ckorey blunt.jpg
[2014/04/02 11:13:06 | 000,136,120 | ---- | C] () -- C:\Users\Helen\Desktop\marcelino.jpg
[2014/04/01 19:50:17 | 003,722,020 | ---- | C] () -- C:\Users\Helen\Desktop\CINCO UPDATED.jpg
[2014/04/01 17:14:37 | 000,110,201 | ---- | C] () -- C:\Users\Helen\Desktop\crown.jpg
[2014/04/01 16:29:07 | 000,139,047 | ---- | C] () -- C:\Users\Helen\Desktop\cinco tickets.jpg
[2014/04/01 02:08:06 | 000,430,595 | ---- | C] () -- C:\Users\Helen\Desktop\fb default.jpg
[2014/03/30 18:44:56 | 000,448,348 | ---- | C] () -- C:\Users\Helen\Desktop\Scan0005.jpg
[2014/03/30 18:44:56 | 000,349,255 | ---- | C] () -- C:\Users\Helen\Desktop\Scan0004.jpg
[2014/03/30 11:12:56 | 003,164,995 | ---- | C] () -- C:\Users\Helen\Desktop\lucky ft pyro - believe me.mp3
[2014/03/30 10:42:28 | 011,548,039 | ---- | C] () -- C:\Users\Helen\Desktop\believe me.mp3
[2014/03/28 17:06:44 | 000,042,679 | ---- | C] () -- C:\Users\Helen\Desktop\SKI.jpg
[2014/03/28 16:48:19 | 000,213,526 | ---- | C] () -- C:\Users\Helen\Desktop\AZMADE CINCO.jpg
[2014/03/25 11:39:28 | 000,154,792 | ---- | C] () -- C:\Users\Helen\Desktop\slim dk.jpg
[2014/03/24 17:10:04 | 000,262,545 | ---- | C] () -- C:\Users\Helen\Desktop\AZNVD.jpg
[2014/03/24 16:56:50 | 000,021,518 | ---- | C] () -- C:\Users\Helen\Desktop\LIPS.png
[2014/03/22 15:18:35 | 008,715,694 | ---- | C] () -- C:\Users\Helen\Desktop\RICANDTHADEUS LEARN LIFE LEASE.mp3
[2014/03/21 19:59:56 | 000,050,538 | ---- | C] () -- C:\Users\Helen\Desktop\JME.jpg
[2014/03/21 19:03:49 | 002,105,566 | ---- | C] () -- C:\Users\Helen\Desktop\dirty promo.jpg
[2014/03/19 20:00:19 | 000,057,583 | ---- | C] () -- C:\Users\Helen\Desktop\vvvv.jpg
[2014/03/19 19:42:49 | 000,073,661 | ---- | C] () -- C:\Users\Helen\Desktop\chopper AZMB.jpg
[2014/03/19 18:36:27 | 000,925,685 | ---- | C] () -- C:\Users\Helen\Desktop\SHARES.jpg
[2014/03/18 18:08:04 | 005,415,473 | ---- | C] () -- C:\Users\Helen\Desktop\no wack acts.jpg
[2014/03/18 12:41:38 | 008,009,431 | ---- | C] () -- C:\Users\Helen\Desktop\KNOW DAT HOOK.mp3
[2014/03/16 23:32:07 | 000,259,830 | ---- | C] () -- C:\Users\Helen\Desktop\banner ddct.jpg
[2013/01/24 14:04:01 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2013/01/24 13:40:25 | 000,415,408 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2013/01/24 13:40:25 | 000,018,041 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/11/03 22:44:05 | 393,697,280 | ---- | C] () -- C:\Users\Helen\Twitch-Exfiltration.iso
[2012/09/21 12:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 12:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 12:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/09/05 21:55:00 | 000,000,132 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/20 19:29:20 | 000,000,668 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\vso_ts_preview.xml
[2012/08/20 19:27:01 | 000,099,384 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\inst.exe
[2012/08/20 19:27:01 | 000,007,859 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\pcouffin.cat
[2012/08/20 19:27:01 | 000,001,167 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\pcouffin.inf
[2012/03/08 18:15:53 | 000,000,054 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\updater.cfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/05/27 11:45:48 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\5400 Series
[2012/08/20 01:05:40 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Acoustica
[2014/04/15 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Audacity
[2012/03/05 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\BitZipper
[2012/09/11 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/28 21:10:13 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/08/13 12:54:14 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\DAEMON Tools Pro
[2013/01/24 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\dBpoweramp
[2013/03/07 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Digiarty
[2012/05/23 16:56:52 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Digidesign
[2012/05/23 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Dropbox
[2012/09/25 02:08:07 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\EurekaLog
[2011/05/24 11:02:38 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Leadertech
[2013/01/21 00:11:27 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Mp3tag
[2013/06/14 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\PACE Anti-Piracy
[2012/02/29 16:18:11 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\PCDr
[2012/03/09 00:07:30 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Publish Providers
[2012/03/08 18:15:47 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Red Giant Link
[2012/03/08 21:07:22 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\SoftGrid Client
[2012/03/09 15:13:37 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Sony
[2012/12/03 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Sony Creative Software
[2012/02/28 22:53:22 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/09 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\StreamTorrent
[2012/08/20 01:09:02 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\SynthMaker
[2013/06/18 00:50:30 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\TeamViewer
[2011/05/24 16:22:32 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\TP
[2012/03/05 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Trillium Lane
[2014/04/15 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\uTorrent
[2013/11/12 11:11:29 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Vso
[2011/05/25 12:00:04 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\WildTangent
[2013/01/04 14:33:19 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Wireless Workshop LLC
[2014/04/12 21:33:49 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Wise
 
========== Purity Check ==========
 
 

< End of report >
 



#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello pyroazmb,

Thank you for the logs. I'll review them; in the meantime, please follow the exercises below and post the logs. These will remove any leftovers. Take your time.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner


Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Next

Download Security Check by screen317 from http://screen317.spy...curityCheck.exe or http://screen317.cha...curityCheck.exe
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post the following logs in your next reply:
  • JRT.txt
  • AdwCleaner[S0].txt
  • checkup.txt

Tell me how things are with the computer.

Thanks
Joe :)



#9
pyroazmb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

1)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Helen on Tue 04/15/2014 at 19:32:22.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Helen\appdata\local\{4AB7B65F-6D69-481E-B8F3-485AE3A0E775}
Successfully deleted: [Empty Folder] C:\Users\Helen\appdata\local\{52EDA5FD-4138-4222-B5A9-09AA0ED2E022}
Successfully deleted: [Empty Folder] C:\Users\Helen\appdata\local\{F27E0C00-3126-4C06-A485-BBADAEB9E241}



~~~ FireFox

Emptied folder: C:\Users\Helen\AppData\Roaming\mozilla\firefox\profiles\fnzt0wzi.default\minidumps [104 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/15/2014 at 19:42:04.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

2)

# AdwCleaner v3.023 - Report created 15/04/2014 at 19:24:20
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Helen - PYROAZMB
# Running from : C:\Users\Helen\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\fnzt0wzi.default\Extensions\[email protected]
Folder Deleted : C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\IePlugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\V9Software
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Helen\AppData\Roaming\Mozilla\Firefox\Profiles\fnzt0wzi.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.v9.com/?type=hp&ts=1397365494&from=irs&uid=WDCXWD5000AAKS-75V0A0_WD-WCAWFA47377173771&i=psd&t=340e50d9d");

-\\ Google Chrome v

[ File : C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url

*************************

AdwCleaner[R0].txt - [3362 octets] - [15/04/2014 19:23:20]
AdwCleaner[S0].txt - [3105 octets] - [15/04/2014 19:24:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3165 octets] ##########
 

 

 

3)

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

 

 

Also, the computer seems to be a bit better. I haven't experienced any pop-ups yet, which is REALLY good. Let me know if anything else pops up. Thank you so much so far!!
 


Edited by pyroazmb, 15 April 2014 - 08:45 PM.


#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Another fix with OTL to address some leftovers.
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?t...sd&t=340e50d9d"
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll File not found
    O1364bit: - gopher Prefix: missing
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
    
    :Files
    
    :Commands
    
    [emptytemp]
    
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Next

Please download Malwarebytes' Anti-Malware to your desktop from Here
Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
• Make sure that EVERYTHING is checked, and click Remove Selected.

• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply to me please post:
  • The OTL Fix log. You can find that log here--->C:\_OTL\Moved Files
  • New OTL Log after Quick Scan.
  • Malwarebytes log.
Thanks
Joe :)

#11
pyroazmb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

1)

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "http://www.v9.com/?t....sd&t=340e50d9d" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Helen
->Temp folder emptied: 3475491 bytes
->Temporary Internet Files folder emptied: 45020 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53917024 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 844 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 55.00 mb
 
 
OTL by OldTimer - Version 3.2.70.2 log created on 04152014_203200

Files\Folders moved on Reboot...
C:\Users\Helen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Helen\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

 

2)

OTL logfile created on: 4/15/2014 9:56:17 PM - Run 4
OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Helen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.03% Memory free
16.00 Gb Paging File | 14.06 Gb Available in Paging File | 87.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.20 Gb Total Space | 165.46 Gb Free Space | 36.51% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 6.74 Gb Free Space | 90.52% Space Free | Partition Type: FAT32
 
Computer Name: PYROAZMB | User Name: Helen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/14 14:11:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
PRC - [2014/03/29 01:16:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/11 16:49:40 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2013/09/03 06:54:02 | 000,840,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/11 15:15:04 | 000,108,544 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/09/06 11:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 11:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/29 01:16:00 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/11 16:49:39 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/12 03:34:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:33:47 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\45f490388fbd195e201a1c46e3045086\PresentationFramework.ni.dll
MOD - [2014/02/12 03:33:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:33:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:33:26 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\473ff277c41d6fe614535a1f6102674a\PresentationCore.ni.dll
MOD - [2014/02/12 03:33:17 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:33:12 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:33:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 03:33:08 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:33:02 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/04 18:53:30 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 23:14:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/03/29 01:16:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 16:49:42 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/12/20 16:16:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/30 15:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/21 12:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 12:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 20:55:48 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/16 06:35:58 | 000,054,400 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/10/28 18:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/10/28 18:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/09/01 23:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/03/31 20:08:06 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/09/30 23:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/27 13:44:48 | 000,392,712 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII)
DRV:64bit: - [2009/07/15 01:23:30 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{57913FED-86D6-4182-89B2-E68AEA0ABD81}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{103215E5-63D5-4D84-AE58-43CAA2A30485}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{249EA421-8F3B-4786-8362-3064655120E1}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{B4837E54-7933-484D-BB87-D08F6E635936}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=714647&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Helen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Helen\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Helen\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/11/12 13:47:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/02/28 22:49:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/02 18:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 01:15:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 01:15:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/28 20:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Extensions
[2014/04/15 19:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helen\AppData\Roaming\mozilla\Firefox\Profiles\fnzt0wzi.default\extensions
[2013/08/05 15:47:48 | 000,000,915 | ---- | M] () -- C:\Users\Helen\AppData\Roaming\mozilla\firefox\profiles\fnzt0wzi.default\searchplugins\yahoo.xml
[2014/03/29 01:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 01:16:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: v9 (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Helen\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Helen\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Helen\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Helen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Invite All = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih\1.25_0\
CHR - Extension: avast! WebRep = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Poppit = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Click here to Select all friends = C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pefbbnblngelpldjnnihgincocdpcgdn\5.1_0\
 
O1 HOSTS File: ([2014/04/15 17:44:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll File not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Helen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Microsoft Works\WkDetect.exe File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB866F4-674E-4238-8ACD-13E587A87F43}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C5E0124-0AA9-4565-8C8C-519351CD646A}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E20B0E0-42F0-4025-AA5B-C8263114F87D}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F82CDEF-B537-47A5-80F9-FBC9E7F62C29}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99787CC4-9787-4BF0-B731-CD582FDDA68E}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5ACD1B4-78E9-4D70-83C3-E87B30AC3F7C}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA82412B-FD98-4004-8471-711CD7DEC234}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/15 19:32:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/15 19:31:46 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Helen\Desktop\JRT.exe
[2014/04/15 18:56:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/15 17:38:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/14 14:11:11 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
[2014/04/12 21:33:49 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\Wise
[2014/04/11 17:02:24 | 000,000,000 | ---D | C] -- C:\Users\Helen\AppData\Roaming\Adobe Mini Bridge CS5.1
[2014/03/29 01:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/26 00:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/26 00:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/26 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/03/26 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/08/20 19:27:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Helen\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/15 21:53:52 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001UA.job
[2014/04/15 21:49:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/15 21:49:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/15 21:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/15 21:42:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001UA.job
[2014/04/15 21:28:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/15 21:28:14 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/15 21:17:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/15 21:17:42 | 2146,676,735 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/15 20:47:37 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/15 19:44:00 | 000,987,448 | ---- | M] () -- C:\Users\Helen\Desktop\SecurityCheck.exe
[2014/04/15 19:38:56 | 000,001,356 | ---- | M] () -- C:\Users\Helen\Desktop\µTorrent.lnk
[2014/04/15 19:31:47 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Helen\Desktop\JRT.exe
[2014/04/15 18:56:23 | 001,426,178 | ---- | M] () -- C:\Users\Helen\Desktop\adwcleaner.exe
[2014/04/15 17:46:11 | 005,242,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/15 17:44:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/15 17:34:43 | 000,002,372 | ---- | M] () -- C:\Users\Helen\Desktop\Google Chrome.lnk
[2014/04/15 17:34:43 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/15 17:34:42 | 000,001,443 | ---- | M] () -- C:\Users\Helen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/15 15:30:41 | 000,048,638 | ---- | M] () -- C:\Users\Helen\Desktop\tur pic.jpg
[2014/04/15 15:26:02 | 007,002,241 | ---- | M] () -- C:\Users\Helen\Desktop\AZMADE ROMAN.psd
[2014/04/15 15:19:21 | 009,142,856 | ---- | M] () -- C:\Users\Helen\Desktop\the trendsetterz thotties.mp3
[2014/04/15 15:08:57 | 002,215,493 | ---- | M] () -- C:\Users\Helen\Desktop\azmb drip turquoise.eps
[2014/04/15 15:08:22 | 002,522,766 | ---- | M] () -- C:\Users\Helen\Desktop\azmb drip white.eps
[2014/04/15 15:04:00 | 000,199,481 | ---- | M] () -- C:\Users\Helen\Desktop\boss life.jpg
[2014/04/15 14:56:15 | 000,023,794 | ---- | M] () -- C:\Users\Helen\Desktop\adeezy.jpg
[2014/04/15 14:54:28 | 000,504,917 | ---- | M] () -- C:\Users\Helen\Desktop\az4.jpg
[2014/04/15 13:50:35 | 000,301,963 | ---- | M] () -- C:\Users\Helen\Desktop\drip.jpg
[2014/04/15 12:27:06 | 004,025,419 | ---- | M] () -- C:\Users\Helen\Desktop\[bleep] A [bleep] Dirty Dan.mp3
[2014/04/15 12:07:13 | 000,046,161 | ---- | M] () -- C:\Users\Helen\Desktop\guero p.jpg
[2014/04/15 03:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001Core.job
[2014/04/15 00:42:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3650345341-3473016378-3197345188-1001Core.job
[2014/04/14 19:35:22 | 002,558,335 | ---- | M] () -- C:\Users\Helen\Desktop\leo flyer.jpg
[2014/04/14 16:51:12 | 004,771,160 | ---- | M] () -- C:\Users\Helen\Desktop\leo.psd
[2014/04/14 14:11:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Helen\Desktop\OTL.exe
[2014/04/14 12:37:47 | 003,842,935 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE white.eps
[2014/04/14 12:35:45 | 002,337,926 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE gold.eps
[2014/04/14 12:32:28 | 096,086,399 | ---- | M] () -- C:\Users\Helen\Desktop\PYRO & DIRTY FOXS 4-13-14.wmv
[2014/04/14 11:58:22 | 002,755,999 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4
[2014/04/14 11:57:52 | 004,137,157 | ---- | M] () -- C:\Users\Helen\Desktop\pyro foxs.mp4
[2014/04/13 20:48:30 | 011,977,510 | ---- | M] () -- C:\Users\Helen\Desktop\Dumptruck Show Set.mp3
[2014/04/13 17:57:22 | 007,828,438 | ---- | M] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3
[2014/04/13 17:46:09 | 010,802,833 | ---- | M] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.psd
[2014/04/13 17:44:28 | 000,727,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/13 17:44:28 | 000,624,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/13 17:44:28 | 000,106,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/13 15:48:35 | 000,643,949 | ---- | M] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.jpg
[2014/04/13 14:51:54 | 000,173,242 | ---- | M] () -- C:\Users\Helen\Desktop\FIREEE.jpg
[2014/04/13 14:47:47 | 000,169,280 | ---- | M] () -- C:\Users\Helen\Desktop\FIRE2.jpg
[2014/04/13 14:46:20 | 000,165,681 | ---- | M] () -- C:\Users\Helen\Desktop\FIRE.jpg
[2014/04/13 13:26:41 | 000,018,136 | ---- | M] () -- C:\Users\Helen\Desktop\belaire.jpeg
[2014/04/13 13:26:10 | 000,024,765 | ---- | M] () -- C:\Users\Helen\Desktop\ace.jpg
[2014/04/13 13:07:15 | 001,687,379 | ---- | M] () -- C:\Users\Helen\Desktop\black-background-paisley.jpg
[2014/04/13 12:03:24 | 000,189,304 | ---- | M] () -- C:\Users\Helen\Desktop\22.JPG
[2014/04/13 11:03:01 | 002,166,378 | ---- | M] () -- C:\Users\Helen\Desktop\pyro dirty dan.mp4
[2014/04/12 20:59:33 | 004,547,032 | ---- | M] () -- C:\Users\Helen\Desktop\All i know Ruff.mp3
[2014/04/11 22:00:02 | 011,279,124 | ---- | M] () -- C:\Users\Helen\Desktop\flipp promo.psd
[2014/04/11 17:14:22 | 000,512,992 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.jpg
[2014/04/11 17:08:03 | 002,821,953 | ---- | M] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.psd
[2014/04/10 20:45:21 | 010,335,084 | ---- | M] () -- C:\Users\Helen\Desktop\Young N Fly - The Mood Lease.mp3
[2014/04/09 16:59:03 | 004,081,040 | ---- | M] () -- C:\Users\Helen\Desktop\PYRO UPCOMING.psd
[2014/04/08 17:47:05 | 001,152,746 | ---- | M] () -- C:\Users\Helen\Desktop\street saints.psd
[2014/04/08 15:47:17 | 001,697,776 | ---- | M] () -- C:\Users\Helen\Desktop\playboi cover2.jpg
[2014/04/08 15:47:11 | 028,924,674 | ---- | M] () -- C:\Users\Helen\Desktop\playboi cover2.psd
[2014/04/08 03:16:00 | 001,077,359 | ---- | M] () -- C:\Users\Helen\Desktop\dopee pyro.mp3
[2014/04/07 16:18:09 | 017,050,231 | ---- | M] () -- C:\Users\Helen\Desktop\playboi cover.psd
[2014/04/07 15:50:41 | 000,787,672 | ---- | M] () -- C:\Users\Helen\Desktop\420 flyer.jpg
[2014/04/07 15:50:33 | 009,720,636 | ---- | M] () -- C:\Users\Helen\Desktop\420 flyer.psd
[2014/04/07 15:38:56 | 000,043,487 | ---- | M] () -- C:\Users\Helen\Desktop\fbe 2.jpg
[2014/04/07 15:36:51 | 000,267,413 | ---- | M] () -- C:\Users\Helen\Desktop\fbe logo.png
[2014/04/07 15:36:50 | 000,000,132 | ---- | M] () -- C:\Users\Helen\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/04/07 15:01:59 | 000,060,090 | ---- | M] () -- C:\Users\Helen\Desktop\YS33.jpg
[2014/04/07 15:01:33 | 000,044,020 | ---- | M] () -- C:\Users\Helen\Desktop\CASTRO.jpg
[2014/04/07 14:56:43 | 000,016,743 | ---- | M] () -- C:\Users\Helen\Desktop\rednose.jpg
[2014/04/07 14:11:40 | 004,324,211 | ---- | M] () -- C:\Users\Helen\Desktop\Big Goob.jpg
[2014/04/07 14:11:18 | 004,287,034 | ---- | M] () -- C:\Users\Helen\Desktop\JRE.jpg
[2014/04/07 13:24:41 | 000,059,706 | ---- | M] () -- C:\Users\Helen\Desktop\riko.jpg
[2014/04/07 13:22:01 | 000,032,843 | ---- | M] () -- C:\Users\Helen\Desktop\double.jpg
[2014/04/05 22:16:24 | 000,237,492 | ---- | M] () -- C:\Users\Helen\Desktop\IMG_8782.JPG
[2014/04/05 22:13:20 | 000,220,884 | ---- | M] () -- C:\Users\Helen\Desktop\IMG_8775.JPG
[2014/04/05 20:57:42 | 000,057,572 | ---- | M] () -- C:\Users\Helen\Desktop\ciroc-peach.jpg
[2014/04/05 20:22:45 | 010,767,744 | ---- | M] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.psd
[2014/04/05 13:19:03 | 000,347,856 | ---- | M] () -- C:\Users\Helen\Desktop\hot-air-balloons-at-sunset-images-photos-0322125523.jpg
[2014/04/02 17:39:26 | 000,047,880 | ---- | M] () -- C:\Users\Helen\Desktop\treez.jpg
[2014/04/02 16:44:43 | 000,184,768 | ---- | M] () -- C:\Users\Helen\Desktop\AZ MADE CLOTHING SEAL.jpg
[2014/04/02 11:13:27 | 000,085,384 | ---- | M] () -- C:\Users\Helen\Desktop\ckorey blunt.jpg
[2014/04/02 11:13:07 | 000,136,120 | ---- | M] () -- C:\Users\Helen\Desktop\marcelino.jpg
[2014/04/01 19:50:20 | 003,722,020 | ---- | M] () -- C:\Users\Helen\Desktop\CINCO UPDATED.jpg
[2014/04/01 17:14:37 | 000,110,201 | ---- | M] () -- C:\Users\Helen\Desktop\crown.jpg
[2014/04/01 02:08:07 | 000,430,595 | ---- | M] () -- C:\Users\Helen\Desktop\fb default.jpg
[2014/03/30 11:13:05 | 003,164,995 | ---- | M] () -- C:\Users\Helen\Desktop\lucky ft pyro - believe me.mp3
[2014/03/30 10:42:33 | 011,548,039 | ---- | M] () -- C:\Users\Helen\Desktop\believe me.mp3
[2014/03/28 16:48:20 | 000,213,526 | ---- | M] () -- C:\Users\Helen\Desktop\AZMADE CINCO.jpg
[2014/03/26 00:10:00 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/25 11:39:29 | 000,154,792 | ---- | M] () -- C:\Users\Helen\Desktop\slim dk.jpg
[2014/03/22 15:18:22 | 008,715,694 | ---- | M] () -- C:\Users\Helen\Desktop\RICANDTHADEUS LEARN LIFE LEASE.mp3
[2014/03/21 13:49:57 | 000,259,830 | ---- | M] () -- C:\Users\Helen\Desktop\banner ddct.jpg
[2014/03/20 17:26:54 | 000,925,685 | ---- | M] () -- C:\Users\Helen\Desktop\SHARES.jpg
[2014/03/19 20:00:19 | 000,057,583 | ---- | M] () -- C:\Users\Helen\Desktop\vvvv.jpg
[2014/03/18 12:41:41 | 008,009,431 | ---- | M] () -- C:\Users\Helen\Desktop\KNOW DAT HOOK.mp3
 
========== Files Created - No Company Name ==========
 
[2014/04/15 20:47:37 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/15 19:44:00 | 000,987,448 | ---- | C] () -- C:\Users\Helen\Desktop\SecurityCheck.exe
[2014/04/15 18:55:47 | 001,426,178 | ---- | C] () -- C:\Users\Helen\Desktop\adwcleaner.exe
[2014/04/15 15:30:22 | 000,048,638 | ---- | C] () -- C:\Users\Helen\Desktop\tur pic.jpg
[2014/04/15 15:19:05 | 009,142,856 | ---- | C] () -- C:\Users\Helen\Desktop\the trendsetterz thotties.mp3
[2014/04/15 15:08:55 | 002,215,493 | ---- | C] () -- C:\Users\Helen\Desktop\azmb drip turquoise.eps
[2014/04/15 15:08:21 | 002,522,766 | ---- | C] () -- C:\Users\Helen\Desktop\azmb drip white.eps
[2014/04/15 15:03:59 | 000,199,481 | ---- | C] () -- C:\Users\Helen\Desktop\boss life.jpg
[2014/04/15 14:57:06 | 007,002,241 | ---- | C] () -- C:\Users\Helen\Desktop\AZMADE ROMAN.psd
[2014/04/15 14:56:15 | 000,023,794 | ---- | C] () -- C:\Users\Helen\Desktop\adeezy.jpg
[2014/04/15 14:54:27 | 000,504,917 | ---- | C] () -- C:\Users\Helen\Desktop\az4.jpg
[2014/04/15 13:50:34 | 000,301,963 | ---- | C] () -- C:\Users\Helen\Desktop\drip.jpg
[2014/04/15 12:27:05 | 004,025,419 | ---- | C] () -- C:\Users\Helen\Desktop\[bleep] A [bleep] Dirty Dan.mp3
[2014/04/15 12:07:13 | 000,046,161 | ---- | C] () -- C:\Users\Helen\Desktop\guero p.jpg
[2014/04/14 19:35:19 | 002,558,335 | ---- | C] () -- C:\Users\Helen\Desktop\leo flyer.jpg
[2014/04/14 15:24:03 | 004,771,160 | ---- | C] () -- C:\Users\Helen\Desktop\leo.psd
[2014/04/14 12:37:46 | 003,842,935 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE white.eps
[2014/04/14 12:35:41 | 002,337,926 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE gold.eps
[2014/04/14 12:19:56 | 096,086,399 | ---- | C] () -- C:\Users\Helen\Desktop\PYRO & DIRTY FOXS 4-13-14.wmv
[2014/04/14 11:58:19 | 002,755,999 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs 2.mp4
[2014/04/14 11:57:51 | 004,137,157 | ---- | C] () -- C:\Users\Helen\Desktop\pyro foxs.mp4
[2014/04/13 20:48:25 | 011,977,510 | ---- | C] () -- C:\Users\Helen\Desktop\Dumptruck Show Set.mp3
[2014/04/13 17:57:09 | 007,828,438 | ---- | C] () -- C:\Users\Helen\Desktop\All i know PERFORMANCE.mp3
[2014/04/13 15:28:59 | 000,643,949 | ---- | C] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.jpg
[2014/04/13 14:51:54 | 000,173,242 | ---- | C] () -- C:\Users\Helen\Desktop\FIREEE.jpg
[2014/04/13 14:47:47 | 000,169,280 | ---- | C] () -- C:\Users\Helen\Desktop\FIRE2.jpg
[2014/04/13 14:46:20 | 000,165,681 | ---- | C] () -- C:\Users\Helen\Desktop\FIRE.jpg
[2014/04/13 13:26:41 | 000,018,136 | ---- | C] () -- C:\Users\Helen\Desktop\belaire.jpeg
[2014/04/13 13:26:10 | 000,024,765 | ---- | C] () -- C:\Users\Helen\Desktop\ace.jpg
[2014/04/13 13:07:14 | 001,687,379 | ---- | C] () -- C:\Users\Helen\Desktop\black-background-paisley.jpg
[2014/04/13 12:58:49 | 010,802,833 | ---- | C] () -- C:\Users\Helen\Desktop\PROBLEM FLYER.psd
[2014/04/13 12:03:26 | 000,189,304 | ---- | C] () -- C:\Users\Helen\Desktop\22.JPG
[2014/04/13 11:00:04 | 002,166,378 | ---- | C] () -- C:\Users\Helen\Desktop\pyro dirty dan.mp4
[2014/04/12 20:59:35 | 004,547,032 | ---- | C] () -- C:\Users\Helen\Desktop\All i know Ruff.mp3
[2014/04/11 17:14:20 | 000,512,992 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.jpg
[2014/04/11 16:35:51 | 002,821,953 | ---- | C] () -- C:\Users\Helen\Desktop\GOONS 2 GOD TEE.psd
[2014/04/11 13:30:09 | 011,279,124 | ---- | C] () -- C:\Users\Helen\Desktop\flipp promo.psd
[2014/04/10 20:45:03 | 010,335,084 | ---- | C] () -- C:\Users\Helen\Desktop\Young N Fly - The Mood Lease.mp3
[2014/04/08 17:46:09 | 001,152,746 | ---- | C] () -- C:\Users\Helen\Desktop\street saints.psd
[2014/04/08 15:47:16 | 001,697,776 | ---- | C] () -- C:\Users\Helen\Desktop\playboi cover2.jpg
[2014/04/08 03:16:02 | 001,077,359 | ---- | C] () -- C:\Users\Helen\Desktop\dopee pyro.mp3
[2014/04/07 16:18:14 | 028,924,674 | ---- | C] () -- C:\Users\Helen\Desktop\playboi cover2.psd
[2014/04/07 15:38:56 | 000,043,487 | ---- | C] () -- C:\Users\Helen\Desktop\fbe 2.jpg
[2014/04/07 15:36:48 | 000,267,413 | ---- | C] () -- C:\Users\Helen\Desktop\fbe logo.png
[2014/04/07 15:01:59 | 000,060,090 | ---- | C] () -- C:\Users\Helen\Desktop\YS33.jpg
[2014/04/07 15:01:33 | 000,044,020 | ---- | C] () -- C:\Users\Helen\Desktop\CASTRO.jpg
[2014/04/07 14:56:43 | 000,016,743 | ---- | C] () -- C:\Users\Helen\Desktop\rednose.jpg
[2014/04/07 14:11:33 | 004,324,211 | ---- | C] () -- C:\Users\Helen\Desktop\Big Goob.jpg
[2014/04/07 14:11:12 | 004,287,034 | ---- | C] () -- C:\Users\Helen\Desktop\JRE.jpg
[2014/04/07 13:24:41 | 000,059,706 | ---- | C] () -- C:\Users\Helen\Desktop\riko.jpg
[2014/04/07 13:22:01 | 000,032,843 | ---- | C] () -- C:\Users\Helen\Desktop\double.jpg
[2014/04/05 22:16:28 | 000,237,492 | ---- | C] () -- C:\Users\Helen\Desktop\IMG_8782.JPG
[2014/04/05 22:13:22 | 000,220,884 | ---- | C] () -- C:\Users\Helen\Desktop\IMG_8775.JPG
[2014/04/05 21:48:52 | 000,787,672 | ---- | C] () -- C:\Users\Helen\Desktop\420 flyer.jpg
[2014/04/05 21:05:28 | 009,720,636 | ---- | C] () -- C:\Users\Helen\Desktop\420 flyer.psd
[2014/04/05 20:57:42 | 000,057,572 | ---- | C] () -- C:\Users\Helen\Desktop\ciroc-peach.jpg
[2014/04/05 13:19:03 | 000,347,856 | ---- | C] () -- C:\Users\Helen\Desktop\hot-air-balloons-at-sunset-images-photos-0322125523.jpg
[2014/04/04 21:48:19 | 004,081,040 | ---- | C] () -- C:\Users\Helen\Desktop\PYRO UPCOMING.psd
[2014/04/03 12:45:07 | 010,767,744 | ---- | C] () -- C:\Users\Helen\Desktop\IZELLA BABY SHOWER.psd
[2014/04/02 19:31:00 | 017,050,231 | ---- | C] () -- C:\Users\Helen\Desktop\playboi cover.psd
[2014/04/02 17:39:26 | 000,047,880 | ---- | C] () -- C:\Users\Helen\Desktop\treez.jpg
[2014/04/02 16:44:12 | 000,184,768 | ---- | C] () -- C:\Users\Helen\Desktop\AZ MADE CLOTHING SEAL.jpg
[2014/04/02 11:13:27 | 000,085,384 | ---- | C] () -- C:\Users\Helen\Desktop\ckorey blunt.jpg
[2014/04/02 11:13:06 | 000,136,120 | ---- | C] () -- C:\Users\Helen\Desktop\marcelino.jpg
[2014/04/01 19:50:17 | 003,722,020 | ---- | C] () -- C:\Users\Helen\Desktop\CINCO UPDATED.jpg
[2014/04/01 17:14:37 | 000,110,201 | ---- | C] () -- C:\Users\Helen\Desktop\crown.jpg
[2014/04/01 02:08:06 | 000,430,595 | ---- | C] () -- C:\Users\Helen\Desktop\fb default.jpg
[2014/03/30 11:12:56 | 003,164,995 | ---- | C] () -- C:\Users\Helen\Desktop\lucky ft pyro - believe me.mp3
[2014/03/30 10:42:28 | 011,548,039 | ---- | C] () -- C:\Users\Helen\Desktop\believe me.mp3
[2014/03/28 16:48:19 | 000,213,526 | ---- | C] () -- C:\Users\Helen\Desktop\AZMADE CINCO.jpg
[2014/03/25 11:39:28 | 000,154,792 | ---- | C] () -- C:\Users\Helen\Desktop\slim dk.jpg
[2014/03/22 15:18:35 | 008,715,694 | ---- | C] () -- C:\Users\Helen\Desktop\RICANDTHADEUS LEARN LIFE LEASE.mp3
[2014/03/19 20:00:19 | 000,057,583 | ---- | C] () -- C:\Users\Helen\Desktop\vvvv.jpg
[2014/03/19 18:36:27 | 000,925,685 | ---- | C] () -- C:\Users\Helen\Desktop\SHARES.jpg
[2014/03/18 12:41:38 | 008,009,431 | ---- | C] () -- C:\Users\Helen\Desktop\KNOW DAT HOOK.mp3
[2014/03/16 23:32:07 | 000,259,830 | ---- | C] () -- C:\Users\Helen\Desktop\banner ddct.jpg
[2013/01/24 14:04:01 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2013/01/24 13:40:25 | 000,415,408 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2013/01/24 13:40:25 | 000,018,041 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/11/03 22:44:05 | 393,697,280 | ---- | C] () -- C:\Users\Helen\Twitch-Exfiltration.iso
[2012/09/21 12:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 12:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 12:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/09/05 21:55:00 | 000,000,132 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/20 19:29:20 | 000,000,668 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\vso_ts_preview.xml
[2012/08/20 19:27:01 | 000,099,384 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\inst.exe
[2012/08/20 19:27:01 | 000,007,859 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\pcouffin.cat
[2012/08/20 19:27:01 | 000,001,167 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\pcouffin.inf
[2012/03/08 18:15:53 | 000,000,054 | ---- | C] () -- C:\Users\Helen\AppData\Roaming\updater.cfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/05/27 11:45:48 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\5400 Series
[2012/08/20 01:05:40 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Acoustica
[2014/04/15 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Audacity
[2012/03/05 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\BitZipper
[2012/09/11 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/28 21:10:13 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/08/13 12:54:14 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\DAEMON Tools Pro
[2013/01/24 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\dBpoweramp
[2013/03/07 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Digiarty
[2012/05/23 16:56:52 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Digidesign
[2012/05/23 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Dropbox
[2012/09/25 02:08:07 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\EurekaLog
[2011/05/24 11:02:38 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Leadertech
[2013/01/21 00:11:27 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Mp3tag
[2013/06/14 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\PACE Anti-Piracy
[2012/02/29 16:18:11 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\PCDr
[2012/03/09 00:07:30 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Publish Providers
[2012/03/08 18:15:47 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Red Giant Link
[2012/03/08 21:07:22 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\SoftGrid Client
[2012/03/09 15:13:37 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Sony
[2012/12/03 17:36:44 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Sony Creative Software
[2012/02/28 22:53:22 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/09 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\StreamTorrent
[2012/08/20 01:09:02 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\SynthMaker
[2013/06/18 00:50:30 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\TeamViewer
[2011/05/24 16:22:32 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\TP
[2012/03/05 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Trillium Lane
[2014/04/15 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\uTorrent
[2013/11/12 11:11:29 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Vso
[2011/05/25 12:00:04 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\WildTangent
[2013/01/04 14:33:19 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Wireless Workshop LLC
[2014/04/12 21:33:49 | 000,000,000 | ---D | M] -- C:\Users\Helen\AppData\Roaming\Wise
 
========== Purity Check ==========
 
 

< End of report >
 

 

 

3)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16659
Helen :: PYROAZMB [administrator]

4/15/2014 9:09:58 PM
mbam-log-2014-04-15 (21-09-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252002
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> 1460 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKLM\SYSTEM\CurrentControlSet\Services\ConvertFilesforFreeUpdt (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{22B58425-A384-436c-A334-BB9255664D10} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\Interface\{951F4658-6461-46AD-AB13-F73E7FCBE6DB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\ConvertFilesforFree.1 (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\ConvertFilesforFree (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Convert Files for Free (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ZUpdater\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|extension@Convert_Files_for_Free.com (PUP.Optional.FreeFileConverter.A) -> Data: C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 6
C:\Program Files (x86)\Convert Files for Free (PUP.Optional.FreeFileConverter.A) -> Delete on reboot.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults\preferences (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma (PUP.Optional.QuickStart.A) -> Quarantined and deleted successfully.

Files Detected: 13
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> Delete on reboot.
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Users\Helen\Downloads\BitZipperH2010.v20120305.TrialSetupEn.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Helen\Downloads\DAEMONToolsPro500316-0317.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Helen\Downloads\uplayermediaplayer-setup.exe (PUP.Optional.FullSpectrumAdmin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\install.ico (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\uninstall.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\chrome.manifest (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\install.rdf (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content\browserOverlay.js (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content\browserOverlay.xul (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults\preferences\defaults.js (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.

(end)
 



#12
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello pyroazmb,

Hope your day has gone well :)

Thank you Malwarebytes :) Hard to keep up with all the adware. Keep Malwarebytes and run it every so often.

The Last scan!

Note: This scan may take a while. This scan will also find stuff that we already deleted so don't worry if it looks big.

next

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET online scan log in your next reply.

Thank you

Joe :)

#13
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.