Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

www.w44fs.com?


  • Please log in to reply

#1
cabse5

cabse5

    New Member

  • Member
  • Pip
  • 9 posts

Hi, all.  Eventually, when I access the Internet, I see a script error message from my Internet homepage, Google.  The script error message identifies w44fs.com and lists a host of subdirectories of w44fs.com.  The script error asks if I want to continue running scripts on the w44fs.com page, and I almost always click no (once I clicked yes to continue running scripts on the page and Internet processing was immediately locked).  After being notified of the script error, and after clicking no to continuing running scripts on the page, any number of blank pages is created on Google.  Using Ctr+Alt+Del, I'm sometimes able to 'delete' the blank page 'folders' on Google.  When the blank page occurs, Internet processing is slowed down TREMENDOUSLY.  If I'm unable to delete every 'folder' of blank pages, Internet processing is locked up.      
 
I've been able to temporarily slow down? the pernicious effects of w44fs.com by eliminating any unneeded programs, then running a registry cleaner program.  
 
I make sure each internet website I visit is listed with the compatibility view settings of Google tools.
If I visit a website not listed with these compatibility view settings, almost assuredly I get blank pages and lock ups to Internet processing, thanks to w44fs.com
.
 
I don't see w44fs.com (or anything remotely like it) on my computer, so I don't know how to delete it.  I don't know how it got on my computer.  I tried to access w44fs.com and the website said, since I was using Internet Explorer, I was barred from entering the website.
 
I use Windows 7 X64 as the operating system.
I use Internet Explorer 11 as my web browser.
I use Google as the homepage for Internet processing.
I use the current version of Norton Internet Security. 
 
I contacted another forum, www.techsupportforum.com and described my Internet accessing problem.  A TSF tech responded by saying 'malicious' files submitted to a 'virus identifying' program called VirusTotal were found to communicate with www.w44fs.com's assigned IP.  Here is the link the TSF tech offered to me (which made no sense to me): 
https://www.virustot...om/information/
 
I'm tired of rigging my computer so I can access the Internet.
Thanks for any help, Mark.


Edited by godawgs, 27 April 2014 - 10:51 AM.
Removed links to web site

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the next line:
 
"C:\Program Files\Internet Explorer\iexplore" -extoff http://general-chang...de/2-adwcleaner
 
 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter.  Internet Explorer should open with add-ons disabled.
 
It should come up and ask you if you want to Run or SAVE adwcleaner.exe
Tell it SAVE and note where it saves it.
 
Close all browsers.  Pause your anti-virus.
Locate the tool.  By default it will be in your Downloads folder.
  • Run the Tool
Windows Vista and Windows 7 users:
Right  click in the adwCleaner.exe and select the Delete option  
  • When the scan completes, it will open a notepad windows. 
  • Please, copy the content of this file in your next reply.
  •  

     
    Junkware-Removal-Tool
     
    Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
    • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
     
    Download OTL from
    and Save it to your desktop.
     
    Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.

    • 0

    #3
    cabse5

    cabse5

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts

    Thanks, RKinner, for the data.

     

    I tried the first set of instructions to copy and paste the command line to dosprompt:

     

    C:\Program Files\Internet Explorer\iexplore" -extoff http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner 

     

    and received this error message from dosprompt: (first, my dos command is displayed Beginning with my C:\Windows\system32 (for administrator), then your C:\Program Files 'link'to the end) like so:

     

    C:\Windows\system32C:\Program Files\Internet Explorer\iexplore" -extoff http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner.  With the resulting error message:

     

    'C:\Program' is not recognized as an internal or external command, operable program or batch file.

     

    To reiterate, the command prompt from my dosprompt begins with my directories: C:\Windows\system32, then your C:\Program Files... command, and I'm unable to backspace out of the C:\Windows\system32 administrator directories in the beginning of my dosprompt.

     

    I've tried to execute the DOS command using C\Windows\system32 then your link Beginning with \Internet Explorer... and received the same message 'C:\Program is not recognized' like so:

    C:\Windows\system32\Internet Explorer\iexplore" -extoff http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

     

    'Program' is still not recognized...'

     

    Help?

     

    Mark


    Edited by cabse5, 30 April 2014 - 01:26 PM.

    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    You left off the first quotation mark.  


    • 0

    #5
    cabse5

    cabse5

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts
    Yes, I left off the first quote...
    Here is the log created after adwCleaner was executed:
    
     AdwCleaner v3.205 - Report created 01/05/2014 at 17:14:30
    # Updated 28/04/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Mark Fruehling - MARKFRUEHLING
    # Running from : G:\adwcleaner.exe
    # Option : Clean
    
    ***** [ Services ] *****
    
    
    ***** [ Files / Folders ] *****
    
    Folder Deleted : C:\Save
    Folder Deleted : C:\Program Files (x86)\blekkotb
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\I Want This
    Folder Deleted : C:\Program Files (x86)\Uniblue
    Folder Deleted : C:\Program Files (x86)\Vuze_Remote
    Folder Deleted : C:\Program Files (x86)\yourfiledownloader
    Folder Deleted : C:\Program Files (x86)\Vuze
    Folder Deleted : C:\Program Files (x86)\Produtools_Manuals_2.1
    Folder Deleted : C:\Users\Internet Browser\AppData\Local\blekkotb
    Folder Deleted : C:\Users\Internet Browser\AppData\LocalLow\blekkotb
    Folder Deleted : C:\Users\Internet Browser\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Internet Browser\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Internet Browser\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Internet Browser\AppData\LocalLow\TheBflix
    Folder Deleted : C:\Users\Internet Browser\AppData\LocalLow\Vuze_Remote
    Folder Deleted : C:\Users\Internet Browser\AppData\LocalLow\Produtools_Manuals_2.1
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\Babylon
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\blekkotb
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\Conduit
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\ConduitEngine
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\getsavin
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\I Want This
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\Vuze_Remote
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\Produtools_Manuals_2.1
    Folder Deleted : C:\Users\Mark Fruehling\AppData\LocalLow\AGI
    Folder Deleted : C:\Users\Mark Fruehling\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Mark Fruehling\AppData\LocalLow\blekkotb
    Folder Deleted : C:\Users\Mark Fruehling\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Mark Fruehling\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Mark Fruehling\AppData\LocalLow\TheBflix
    Folder Deleted : C:\Users\Mark Fruehling\AppData\LocalLow\Vuze_Remote
    Folder Deleted : C:\Users\Mark Fruehling\AppData\LocalLow\Produtools_Manuals_2.1
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Roaming\blekkotb
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Roaming\iWin
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Roaming\PriceGong
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Roaming\Uniblue
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Roaming\yourfiledownloader
    Folder Deleted : C:\Users\Mark Fruehling\Desktop\Uniblue
    Folder Deleted : C:\Users\Mark Fruehling\Documents\ParetoLogic
    Folder Deleted : C:\Users\Mark Fruehling\Documents\Uniblue
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
    Folder Deleted : C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmkmnjlliodibplcplaffjdiempemfo
    File Deleted : C:\END
    File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
    File Deleted : C:\Windows\Tasks\dsmonitor.job
    File Deleted : C:\Windows\System32\Tasks\dsmonitor
    File Deleted : C:\Windows\System32\Tasks\YourFile Update
    
    ***** [ Shortcuts ] *****
    
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaLogic\Delta Force\Uninstall.lnk
    
    ***** [ Registry ] *****
    
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bdmkmnjlliodibplcplaffjdiempemfo
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209604
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AF84A8-BAEA-4A72-9698-7C4CB7082D92}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BB95B9D-ED2F-4A89-BD51-30B5D642F0BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43AF84A8-BAEA-4A72-9698-7C4CB7082D92}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9BB95B9D-ED2F-4A89-BD51-30B5D642F0BD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43AF84A8-BAEA-4A72-9698-7C4CB7082D92}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB95B9D-ED2F-4A89-BD51-30B5D642F0BD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F12770-E60E-4DC6-9105-425BFACE7C73}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\07389a5a-fcbd-4299-a6d2-fe600e1c37f5
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\9ba30d6d-b2d5-4e05-80a5-ebad81e255c3
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8512D7CD-66D5-459F-893F-68939486AD68}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B6AD32B-823A-42D6-84A2-7CAE7A25FF9C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3CA9722-2953-497F-9FA3-B3EE45D2AA2F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C48DF79-FD2E-4BFF-BF45-DF5865BAC5E0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{26C9E18C-3717-4BE1-A225-04E4471F5B6E}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Deleted : HKCU\Software\AGI
    Key Deleted : HKCU\Software\blekkotb
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\PriceGong
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\Tbccint_HKLM
    Key Deleted : HKCU\Software\Uniblue
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\YourFileDownloader
    Key Deleted : HKCU\Software\Produtools_Manuals_2.1
    Key Deleted : HKCU\Software\Vuze_Remote
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
    Key Deleted : HKCU\Software\AppDataLow\Software\blekkotb
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\Headlight
    Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Produtools_Manuals_2.1
    Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
    Key Deleted : HKLM\Software\AGI
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Headlight
    Key Deleted : HKLM\Software\ParetoLogic
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\Trymedia Systems
    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : HKLM\Software\YourFileDownloader
    Key Deleted : HKLM\Software\Produtools_Manuals_2.1
    Key Deleted : HKLM\Software\Vuze_Remote
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Produtools_Manuals_2.1 Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
    
    ***** [ Browsers ] *****
    
    -\\ Internet Explorer v11.0.9600.16428
    
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []
    
    -\\ Google Chrome v34.0.1847.131
    
    [ File : C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    
    Deleted [Extension] : bdmkmnjlliodibplcplaffjdiempemfo
    Deleted [Extension] : mpfapcdfbbledbojijcbcclmlieaoogk
    
    *************************
    
    AdwCleaner[R0].txt - [19446 octets] - [01/05/2014 17:06:59]
    AdwCleaner[S0].txt - [16735 octets] - [01/05/2014 17:14:30]
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16796 octets] ##########
    

    Here is the log produced after the Junk Removal Tool was executed:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Mark Fruehling on Thu 05/01/2014 at 17:25:17.02
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~~~ Services

     

    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

     

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF4ADA00-6C0B-4BC7-A5E5-EFB3A54C34BE}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CF4ADA00-6C0B-4BC7-A5E5-EFB3A54C34BE}

     

    ~~~ Files

    Successfully deleted: [File] "C:\Users\Mark Fruehling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"

     

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\anti-phishing domain advisor"
    Successfully deleted: [Folder] "C:\ProgramData\babylon"
    Successfully deleted: [Folder] "C:\ProgramData\drivercure"
    Failed to delete: [Folder] "C:\ProgramData\thebflix"
    Successfully deleted: [Folder] "C:\ProgramData\trymedia"
    Successfully deleted: [Folder] "C:\Users\Mark Fruehling\AppData\Roaming\software informer"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
    Successfully deleted: [Folder] "C:\Program Files (x86)\sweetpacks"
    Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"

     

    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Mark Fruehling\appdata\local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk

     

    ~~~ Event Viewer Logs were cleared

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 05/01/2014 at 17:42:14.08
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Here is Frst Text created when the Farbar Recovery Scan Tool is executed:

     

    can Tool (FRST.txt) (x64) Version: 30-04-2014 03
    Ran by Mark Fruehling (administrator) on MARKFRUEHLING on 01-05-2014 18:43:50
    Running from C:\Users\Mark Fruehling\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.EXE
    (Farbar) C:\Users\Mark Fruehling\Desktop\zzFarbar Recovery Scan Tool X64.exe

    ==================== Registry (Whitelisted) ==================

    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
    HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2357984 2014-02-20] (Microsoft Corp.)
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
    HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
    HKU\S-1-5-21-997012532-1224238391-1627714293-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
    HKU\S-1-5-21-997012532-1224238391-1627714293-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-02] (Google Inc.)
    HKU\S-1-5-21-997012532-1224238391-1627714293-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
    HKU\S-1-5-21-997012532-1224238391-1627714293-1005\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
    ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\Mark Fruehling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
    Startup: C:\Users\Mark Fruehling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots Wallpaper & Screensaver.lnk
    ShortcutTarget: Webshots Wallpaper & Screensaver.lnk -> C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe (Webshots)

    ==================== Internet (Whitelisted) ====================

    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
    URLSearchHook: HKCU - (No Name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - No File
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {492A6D90-922B-4BBB-A099-A2364C0ACDE3} URL = http://www.ask.com/w...}&l=dis&o=uscqd
    SearchScopes: HKLM-x32 - {492A6D90-922B-4BBB-A099-A2364C0ACDE3} URL = http://www.ask.com/w...}&l=dis&o=uscqd
    SearchScopes: HKCU - {492A6D90-922B-4BBB-A099-A2364C0ACDE3} URL = http://www.ask.com/w...}&l=dis&o=uscqd
    SearchScopes: HKCU - {88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} URL = http://search.netzer...ry={searchTerms}
    SearchScopes: HKCU - {C3CD82B2-A9E9-43C5-A80E-A0F06378ADFC} URL = https://www.google.c...?q={searchTerms}
    BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll (Headlight Software, Inc.)
    BHO-x32: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\Juno\qsacc\X1IEBHO.dll (Juno, Inc.)
    BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: No Name - {724d43a9-0d85-11d4-9908-00400523e39a} -  No File
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: NetZero Toolbar Helper - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\NetZero\ucreg.dll (NetZero, Inc.)
    BHO-x32: Juno Toolbar Helper - {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\Juno\ucreg.dll (Juno, Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll (NetZero, Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
    Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -  No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} -  No File
    Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
    DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.co.marsha...sessor/smsx.cab
    DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
    DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
    Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} -  No File
    Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll No File
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 97.64.168.12 97.64.183.165

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ []
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-02-23]
    FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
    FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2011-05-21]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR StartupUrls: "hxxp://www.google.com/"
    CHR Extension: (Google Docs) - C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-08]
    CHR Extension: (Google Drive) - C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-08]
    CHR Extension: (No Name) - C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmkmnjlliodibplcplaffjdiempemfo [2014-02-08]
    CHR Extension: (YouTube) - C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-08]
    CHR Extension: (Google Search) - C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-08]
    CHR Extension: (Norton Identity Protection) - C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-08]
    CHR Extension: (Google Wallet) - C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-08]
    CHR Extension: (Gmail) - C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-08]
    CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2011-05-21]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-20]

    ==================== Services (Whitelisted) =================

    R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173280 2014-02-20] (Microsoft Corp.)
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-22] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140430.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140501.003\ENG64.SYS [126040 2014-02-22] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140501.003\EX64.SYS [2099288 2014-02-22] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2014-02-11] (Symantec Corporation)
    S3 StarOpen; No ImagePath
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-23] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
    S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [X]
    S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2014-05-01 18:43 - 2014-05-01 18:44 - 00019016 _____ () C:\Users\Mark Fruehling\Desktop\FRST.txt
    2014-05-01 18:43 - 2014-05-01 18:43 - 00000000 ____D () C:\FRST
    2014-05-01 17:42 - 2014-05-01 17:42 - 00002880 _____ () C:\Users\Mark Fruehling\Desktop\JRT.txt
    2014-05-01 17:25 - 2014-05-01 17:25 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-01 17:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-05-01 17:04 - 2014-05-01 17:16 - 00000000 ____D () C:\AdwCleaner
    2014-05-01 16:15 - 2014-05-01 16:16 - 00280204 _____ () C:\Users\Mark Fruehling\Downloads\WindowsUpdateDiagnostic.diagcab
    2014-05-01 16:05 - 2014-05-01 16:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-01 16:03 - 2014-04-13 21:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-01 16:03 - 2014-04-13 21:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-04-30 14:16 - 2014-04-30 14:16 - 01016261 _____ (Thisisu) C:\Users\Mark Fruehling\Desktop\zzJunk Removal Tool Download.exe
    2014-04-30 13:58 - 2014-04-30 13:58 - 02061824 _____ (Farbar) C:\Users\Mark Fruehling\Desktop\zzFarbar Recovery Scan Tool X64.exe
    2014-04-25 07:44 - 2014-04-25 07:44 - 05315968 _____ (Canneverbe Limited ) C:\Users\Mark Fruehling\Downloads\cdbxp_setup_4.5.3.4746.exe
    2014-04-22 16:36 - 2014-04-22 16:36 - 00000000 ____D () C:\Users\dub_cm_auto
    2014-04-17 08:35 - 2014-04-17 16:31 - 00000000 ____D () C:\Users\Mark Fruehling\Documents\International Association of Commercial Finance Brokers
    2014-04-17 06:41 - 2014-04-17 06:41 - 00000000 ____D () C:\Users\Mark Fruehling\Documents\EMPU
    2014-04-16 17:33 - 2014-04-16 17:33 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
    2014-04-16 17:33 - 2014-04-16 17:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
    2014-04-16 16:24 - 2014-04-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2014-04-16 16:13 - 2014-04-16 16:13 - 00000000 ____D () C:\Windows\PCHEALTH
    2014-04-16 16:01 - 2014-04-16 16:01 - 00000000 ____D () C:\Program Files\Microsoft Office
    2014-04-16 16:00 - 2014-04-17 17:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-04-16 16:00 - 2014-04-16 16:00 - 00000000 ____D () C:\Users\Mark Fruehling\AppData\Local\Microsoft Help
    2014-04-15 07:20 - 2014-04-15 07:20 - 18134016 _____ (Adobe Systems Inc.) C:\Users\Mark Fruehling\Downloads\AdobeAIRInstaller.exe
    2014-04-14 06:34 - 2014-05-01 18:34 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForMark Fruehling.job
    2014-04-14 06:34 - 2014-04-14 06:34 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMark Fruehling
    2014-04-10 06:11 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-04-10 06:11 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2014-04-10 06:11 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-04-10 06:11 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2014-04-10 06:11 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2014-04-10 06:11 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-04-10 06:11 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2014-04-10 06:11 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-04-10 06:11 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-04-10 06:11 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-04-10 06:11 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2014-04-10 06:11 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2014-04-10 06:11 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
    2014-04-10 06:10 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-04-10 06:10 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-04-10 06:10 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-04-10 06:10 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

    ==================== One Month Modified Files and Folders =======

    2014-05-01 18:44 - 2014-05-01 18:43 - 00019016 _____ () C:\Users\Mark Fruehling\Desktop\FRST.txt
    2014-05-01 18:43 - 2014-05-01 18:43 - 00000000 ____D () C:\FRST
    2014-05-01 18:34 - 2014-04-14 06:34 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForMark Fruehling.job
    2014-05-01 18:26 - 2009-11-19 11:10 - 01765404 _____ () C:\Windows\WindowsUpdate.log
    2014-05-01 18:19 - 2014-02-08 07:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-05-01 17:46 - 2011-01-05 14:42 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-01 17:42 - 2014-05-01 17:42 - 00002880 _____ () C:\Users\Mark Fruehling\Desktop\JRT.txt
    2014-05-01 17:28 - 2012-02-21 16:18 - 00000000 ____D () C:\ProgramData\TheBflix
    2014-05-01 17:25 - 2014-05-01 17:25 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-01 17:25 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-01 17:25 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-01 17:18 - 2011-01-05 14:42 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-01 17:18 - 2009-09-14 21:26 - 01604640 _____ () C:\Windows\PFRO.log
    2014-05-01 17:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-01 17:18 - 2009-07-13 23:51 - 00399145 _____ () C:\Windows\setupact.log
    2014-05-01 17:16 - 2014-05-01 17:04 - 00000000 ____D () C:\AdwCleaner
    2014-05-01 16:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-05-01 16:33 - 2013-11-17 08:28 - 00065623 _____ () C:\Windows\IE11_main.log
    2014-05-01 16:16 - 2014-05-01 16:15 - 00280204 _____ () C:\Users\Mark Fruehling\Downloads\WindowsUpdateDiagnostic.diagcab
    2014-05-01 16:05 - 2014-05-01 16:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-01 15:14 - 2014-01-18 06:58 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BC0353A6-9735-4F3C-82BC-22F7F04C1FD8}
    2014-05-01 14:58 - 2010-10-19 22:45 - 00000000 ____D () C:\Users\Mark Fruehling\Documents\MOMS STUFF
    2014-05-01 07:55 - 2009-12-28 21:07 - 00000000 ____D () C:\Users\Mark Fruehling
    2014-05-01 07:29 - 2011-09-09 08:12 - 00000000 ____D () C:\Users\Mark Fruehling\AppData\Roaming\Wise Disk Cleaner
    2014-05-01 07:29 - 2010-03-21 20:06 - 00000000 ____D () C:\Program Files (x86)\Wise Disk Cleaner
    2014-05-01 05:26 - 2013-03-05 14:22 - 00000484 _____ () C:\Users\Mark Fruehling\AppData\Roaming\.openyahtzee
    2014-04-30 14:16 - 2014-04-30 14:16 - 01016261 _____ (Thisisu) C:\Users\Mark Fruehling\Desktop\zzJunk Removal Tool Download.exe
    2014-04-30 13:58 - 2014-04-30 13:58 - 02061824 _____ (Farbar) C:\Users\Mark Fruehling\Desktop\zzFarbar Recovery Scan Tool X64.exe
    2014-04-30 10:50 - 2009-12-28 21:10 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
    2014-04-29 09:15 - 2010-01-24 08:24 - 00000000 ____D () C:\Users\Mark Fruehling\Documents\The Paper Source
    2014-04-29 09:13 - 2009-07-14 00:13 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-04-29 07:25 - 2014-02-08 07:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-04-29 07:25 - 2014-01-03 11:37 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-04-29 07:25 - 2014-01-03 11:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-27 07:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-04-26 07:04 - 2011-03-14 07:04 - 00000000 ____D () C:\Users\Mark Fruehling\AppData\Local\CrashDumps
    2014-04-25 07:48 - 2011-11-04 21:10 - 00001905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
    2014-04-25 07:48 - 2011-11-04 21:03 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
    2014-04-25 07:44 - 2014-04-25 07:44 - 05315968 _____ (Canneverbe Limited ) C:\Users\Mark Fruehling\Downloads\cdbxp_setup_4.5.3.4746.exe
    2014-04-22 16:36 - 2014-04-22 16:36 - 00000000 ____D () C:\Users\dub_cm_auto
    2014-04-22 16:28 - 2012-12-09 09:32 - 00000000 ____D () C:\Users\Mark Fruehling\Documents\My Digital Editions
    2014-04-22 09:41 - 2009-12-30 01:45 - 00000000 ___RD () C:\Users\Mark Fruehling\Desktop\Microsoft Office 2007
    2014-04-21 07:14 - 2011-12-12 07:09 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-04-21 07:14 - 2010-01-15 21:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-04-17 17:07 - 2014-04-16 16:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-04-17 17:00 - 2009-07-13 21:34 - 00000499 _____ () C:\Windows\win.ini
    2014-04-17 16:31 - 2014-04-17 08:35 - 00000000 ____D () C:\Users\Mark Fruehling\Documents\International Association of Commercial Finance Brokers
    2014-04-17 07:07 - 2009-12-28 21:10 - 00000000 ___RD () C:\Users\Mark Fruehling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-17 06:41 - 2014-04-17 06:41 - 00000000 ____D () C:\Users\Mark Fruehling\Documents\EMPU
    2014-04-17 06:39 - 2009-12-28 21:09 - 00243856 _____ () C:\Users\Mark Fruehling\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-04-17 06:32 - 2014-02-02 10:35 - 00001229 _____ () C:\Users\Mark Fruehling\Desktop\Download App by CNET 1.6.5.165 (need Internet).lnk
    2014-04-16 17:43 - 2009-07-13 23:45 - 00689616 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-04-16 17:33 - 2014-04-16 17:33 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
    2014-04-16 17:33 - 2014-04-16 17:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
    2014-04-16 17:26 - 2014-04-16 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2014-04-16 16:28 - 2009-07-14 02:45 - 00000000 ____D () C:\Windows\ShellNew
    2014-04-16 16:14 - 2009-09-14 21:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2014-04-16 16:13 - 2014-04-16 16:13 - 00000000 ____D () C:\Windows\PCHEALTH
    2014-04-16 16:08 - 2009-09-14 21:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
    2014-04-16 16:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-04-16 16:01 - 2014-04-16 16:01 - 00000000 ____D () C:\Program Files\Microsoft Office
    2014-04-16 16:00 - 2014-04-16 16:00 - 00000000 ____D () C:\Users\Mark Fruehling\AppData\Local\Microsoft Help
    2014-04-16 06:32 - 2010-05-28 21:40 - 00000000 ____D () C:\Users\Internet Browser
    2014-04-15 07:20 - 2014-04-15 07:20 - 18134016 _____ (Adobe Systems Inc.) C:\Users\Mark Fruehling\Downloads\AdobeAIRInstaller.exe
    2014-04-14 06:34 - 2014-04-14 06:34 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMark Fruehling
    2014-04-13 21:24 - 2014-05-01 16:03 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-04-13 21:19 - 2014-05-01 16:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-04-13 16:13 - 2010-01-04 14:05 - 00000000 ____D () C:\Users\Mark Fruehling\AppData\Local\Adobe
    2014-04-12 07:56 - 2009-12-29 13:26 - 00000000 ____D () C:\Users\Mark Fruehling\AppData\Roaming\GetRight
    2014-04-10 08:04 - 2013-07-12 08:11 - 00000000 ____D () C:\Windows\system32\MRT
    2014-04-10 07:56 - 2010-01-11 15:37 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-04-08 21:06 - 2011-01-05 14:42 - 00000000 ____D () C:\Users\Mark Fruehling\AppData\Local\Google
    2014-04-06 16:57 - 2011-05-18 15:20 - 00000000 ____D () C:\Users\Mark Fruehling\DVDS
    2014-04-04 21:25 - 2011-05-27 16:14 - 00000125 ___SH () C:\ProgramData\.zreglib
    2014-04-04 20:28 - 2010-03-21 12:26 - 00000000 ____D () C:\Users\Mark Fruehling\Documents\Expressit
    2014-04-03 08:22 - 2014-02-09 06:58 - 00000000 ____D () C:\Users\Mark Fruehling\My Icons
    2014-04-03 06:15 - 2009-07-14 00:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

    Files to move or delete:
    ====================
    C:\Users\Mark Fruehling\microsoft.dat

    Some content of TEMP:
    ====================
    C:\Users\Internet Browser\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Mark Fruehling\AppData\Local\Temp\ose00000.exe
    C:\Users\Mark Fruehling\AppData\Local\Temp\Quarantine.exe

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-04-21 09:24

    ==================== End Of Log ==

     

    Here is Addition Text created when Farbar was executed:

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2014 03
    Ran by Mark Fruehling at 2014-05-01 18:45:14
    Running from C:\Users\Mark Fruehling\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

    ==================== Installed Programs ======================

    3M™ Cloud Library PC App 1.39 (HKLM-x32\...\3M™ Cloud Library PC App) (Version: 1.39 - 3M)
    7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
    Acoustica Effects Pack (HKLM-x32\...\Acoustica Effects Pack) (Version: 1.0 - Acoustica, Inc)
    Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Age of Empires III - The Asian Dynasties Trial (HKLM-x32\...\InstallShield_{63415CB1-3C97-4D9C-980D-336710EB0526}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III - The Asian Dynasties Trial (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Age of Empires III - The WarChiefs Trial (HKLM-x32\...\InstallShield_{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III - The WarChiefs Trial (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Age of Empires III Trial (HKLM-x32\...\InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III Trial (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    AGEIA PhysX v7.05.17 (HKLM-x32\...\{27DC856A-0916-4988-8198-8714DDD3183D}) (Version: 7.05.17 - AGEIA Technologies, Inc.)
    Aliens versus Predator (HKLM-x32\...\Aliens versus Predator) (Version:  - )
    Aliens versus Predator 2 Demo (HKLM-x32\...\{45EFEFDC-0007-4D31-A69E-8125F0229ACA}) (Version:  - )
    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.5.0 - SlySoft)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.1.528 - Online Media Technologies Ltd.)
    AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.1.487 - Online Media Technologies Ltd.)
    AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)
    AVS Disc Creator 5 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.1.2.525 - Online Media Technologies Ltd.)
    AVS Document Converter 2.2.8 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.2.8.225 - Online Media Technologies Ltd.)
    AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)
    AVS Image Converter 2.3.2.248 (HKLM-x32\...\AVS Image Converter_is1) (Version: 2.3.2.248 - Online Media Technologies Ltd.)
    AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
    AVS Photo Editor (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.1.2.136 - Online Media Technologies Ltd.)
    AVS Registry Cleaner 2.3.1.255 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.1.255 - Online Media Technologies Ltd.)
    AVS Registry Cleaner version 2.2 (HKLM-x32\...\AVSRegistryCleaner_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)
    AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
    AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.4.2.541 - Online Media Technologies Ltd.)
    AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.4.2.241 - Online Media Technologies Ltd.)
    AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.5.6.87 - Online Media Technologies Ltd.)
    AVS Video ReMaker 4.2.2.153 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.2.2.153 - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
    Beetle Buggin' (HKLM-x32\...\Beetle Crazy Cup) (Version:  - )
    Bing Bar (HKLM-x32\...\{3A681D82-5167-4418-BEBA-E8991486665B}) (Version: 7.3.114.0 - Microsoft Corporation)
    Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.395.0 - Microsoft Corporation)
    Boku Sudoku (HKLM-x32\...\{6741E797-825C-44C1-AFE7-ED94C4817FBD}) (Version: 1.00.0000 - Topics Entertainment)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
    Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version:  - )
    Clive Barker's Undying™ (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
    CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
    CyberLink DVD Suite Deluxe (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
    Daikatana (HKLM-x32\...\Daikatana) (Version:  - )
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.3 - Illustrate)
    Delta Force - Black Hawk Down (HKLM-x32\...\{8FE54D21-8254-4CCF-AEE0-066496AE43F4}) (Version: 1.00.000 - )
    Delta Force (HKLM-x32\...\Delta Force) (Version:  - )
    DesignPro 5 (HKLM-x32\...\InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}) (Version: 5.5.708 - Avery Dennison)
    DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    Download App (HKCU\...\Download App) (Version: 1.6.5 - CBS Interactive)
    DriverIdentifier 4.0 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
    Duke Nukem - Manhattan Project (HKLM-x32\...\InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}) (Version: 1.0.1 - Arush Entertainment)
    Duke Nukem - Manhattan Project (x32 Version: 1.0.1 - Arush Entertainment) Hidden
    Duplicate Cleaner Free 3.2.3 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.3 - DigitalVolcano Software Ltd)
    EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
    Emergency Fire Response Demo (HKLM-x32\...\{3D9E0F32-83ED-4D59-B27F-EEA19744A51E}) (Version: 1.00.000 - )
    EMPU 2.2.1.4 (HKCU\...\EMPU) (Version: 2.2.1.4 - Indie Softworks)
    EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
    FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
    GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
    GetRight (HKLM-x32\...\GetRight_is1) (Version:  - Headlight Software, Inc.)
    GetSavin (HKLM-x32\...\GetSavin) (Version: 1.1362510617 - Adpeak, Inc.)
    G-Force (HKLM-x32\...\G-Force) (Version: 4.2.0 - SoundSpectrum)
    Ghost Recon (HKLM-x32\...\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    GTA2 (HKLM-x32\...\GTA2) (Version:  - )
    Gunman Chronicles (HKLM-x32\...\Gunman Chronicles) (Version:  - )
    Half-Life (HKLM-x32\...\Half-Life) (Version:  - )
    Half-Life: Blue Shift (HKLM-x32\...\Half-Life: Blue Shift) (Version:  - )
    Half-Life: Opposing Force (HKLM-x32\...\Half-Life: Opposing Force) (Version:  - )
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
    Heretic II (HKLM-x32\...\Heretic2UninstallKey) (Version:  - )
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
    Hoyle Demo (HKLM-x32\...\InstallShield_{3209C8A2-558C-445C-832B-1AC552F59B11}) (Version: 1.0.0.1 - Sierra)
    Hoyle Demo (x32 Version: 1.0.0.1 - Sierra) Hidden
    HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    hp print screen utility (HKLM-x32\...\hp print screen utility) (Version:  - )
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
    HP Remote Solution (x32 Version: 1.1.9.0 - TopSeed) Hidden
    HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    Ico Converter 1.4 (HKLM-x32\...\IcoConverter) (Version:  - Tomatosoft)
    Incinerate (HKLM-x32\...\Incinerate_is1) (Version: 1.0 - Media Contact LLC)
    Insectoid 1.0.2 (HKLM-x32\...\Insectoid 1.0.2) (Version:  - )
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
    Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
    Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
    Juno Internet (HKLM-x32\...\{a0296e52-6e9b-11d6-ace4-00105a0cf83f}) (Version: Juno QuickStart - United Online)
    Kyodai Mahjongg 2006 v1.42 (HKLM-x32\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
    LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
    Mario Forever 5.0 (HKLM-x32\...\Mario Forever 5.0) (Version:  - )
    Mario Forever 5.01 (HKLM-x32\...\Mario Forever 5.01) (Version:  - )
    Mario Forever 5.08 Direct X (HKLM-x32\...\Mario Forever 5.08 Direct X) (Version:  - )
    Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
    Microsoft Links 2001 Demo (HKLM-x32\...\Links 2001 Demo 1.0) (Version:  - )
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mplayer.com (HKLM-x32\...\Mplayer.com) (Version:  - )
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MVP Baseball 2003 (HKLM-x32\...\{3C8C45D0-3DBF-4DC8-008D-0538032FDC12}) (Version:  - )
    NetZero For Cosmi (HKLM-x32\...\{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}) (Version: 1.0.0 - NetZero, Inc.)
    NetZero Internet (HKLM-x32\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: 8.9.2.0 - NetZero, Inc.)
    New Super Mario Forever PC (HKLM-x32\...\New Super Mario Forever PC) (Version:  - )
    Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
    NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
    Open Yahtzee (HKLM-x32\...\Open Yahtzee) (Version:  - )
    Painkiller - Battle Out Of [bleep] (HKLM-x32\...\Painkiller - Battle Out Of [bleep]) (Version:  - )
    Painkiller (HKLM-x32\...\Painkiller) (Version:  - )
    PC Attorney (HKLM-x32\...\{A4CEB917-6912-48AC-8999-588A3F3A8EEF}) (Version: 2.1.0000 - Cosmi Corporation)
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
    PKZIP for Windows 9.00.0010 (HKLM-x32\...\{BE8DD809-A406-40E2-AB9F-28E69E737383}) (Version: 9.00.0010 - PKWARE, Inc)
    Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
    PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
    PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
    Pure Sudoku Deluxe 1.52 (HKLM-x32\...\Pure Sudoku Deluxe_is1) (Version:  - Mochek Interactive)
    Quake 3 Arena Demo (HKLM-x32\...\Quake 3 Arena Demo) (Version:  - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
    Rome Puzzle (HKLM-x32\...\Rome Puzzle_is1) (Version: 1.0 - Media Contact LLC)
    Sansa Updater (HKCU\...\Sansa Updater) (Version:  - SanDisk Corporation)
    Serious Sam 2 Demo (HKLM-x32\...\SeriousSam2Demo) (Version:  - )
    Ship Simulator 2008 Demo (HKLM-x32\...\ShipSim2008Demo) (Version:  - )
    SKIP-BO Castaway Caper™ (remove only) (HKLM-x32\...\SKIP-BO Castaway Caper™) (Version:  - )
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
    Soldier of Fortune II - Double Helix (HKLM-x32\...\Soldier of Fortune II - Double Helix) (Version: 1.0 - Activision, Inc.)
    SolSuite 2013 v13.2 (HKLM-x32\...\SolSuite_is1) (Version: 13.2 - TreeCardGames)
    Spin It Again (HKLM-x32\...\Spin It Again) (Version:  - Acoustica)
    SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.3rc1 - Erik Vullings)
    Super Mario 3 : Mario Forever (HKLM-x32\...\Super Mario 3 : Mario Forever) (Version:  - )
    Superpower 2 - demo (HKLM-x32\...\InstallShield_{37C28A3E-ADDC-484F-B7C4-A522B8E559DE}) (Version: 1.00.0000 - Dreamcatcher)
    Superpower 2 - demo (x32 Version: 1.00.0000 - Dreamcatcher) Hidden
    System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
    Telltale Texas Hold'em (HKLM-x32\...\Telltale Texas Hold'em) (Version: 3.0.1.9 - Telltale Games)
    Tom Clancy's Ghost Recon Advanced Warfighter® 2 (HKLM-x32\...\{F78AC3C0-578C-49AB-BD4E-3107A6036A13}) (Version: 1.00.0000 - UBISOFT)
    Tom Clancy's Rainbow Six (HKLM-x32\...\Tom Clancy's Rainbow Six) (Version:  - )
    TurboRisk 2.0 (HKLM-x32\...\TurboRisk_is1) (Version:  - )
    Typer Shark Deluxe 1.01 (HKLM-x32\...\Typer Shark Deluxe 1.01) (Version:  - )
    Uniblue RegistryBooster 2009 (HKLM-x32\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version:  - Uniblue Systems Ltd)
    Uniblue SystemTweaker (HKLM-x32\...\{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1) (Version:  - Uniblue Systems Ltd)
    UNO - Undercover (remove only) (HKLM-x32\...\UNO - Undercover) (Version:  - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
    Webshots Wallpaper & Screensaver version 1.2.3.123 (HKLM-x32\...\{B84DEFE1-0175-47C9-BC1D-8645FCBC0ECE}_is1) (Version: 1.2.3.123 - Webshots)
    Wheel Of Fortune (HKLM-x32\...\Wheel Of Fortune) (Version:  - )
    Wheel of Fortune 2nd Edition (HKLM-x32\...\{29B11F9F-5E2D-11D4-8BA5-0050BAAA20E2}) (Version:  - )
    Windows Media Player 9 Series TweakMP PowerToy (HKLM-x32\...\TweakMP9) (Version:  - )
    Wise Disk Cleaner 8.06 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 8.06 - WiseCleaner.com, Inc.)
    WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)

    ==================== Restore Points  =========================

    20-04-2014 19:56:08 Windows Backup
    22-04-2014 11:29:29 Windows Update
    27-04-2014 20:04:08 Windows Backup
    29-04-2014 12:21:26 Windows Update
    30-04-2014 14:32:10 Created by Wise Disk Cleaner
    01-05-2014 21:03:44 Windows Update
    01-05-2014 21:09:06 Windows Update
    01-05-2014 21:11:41 Windows Update
    01-05-2014 21:32:16 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0083126E-62D8-4FE6-8E2D-C23EB9AF1531} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NNICMJNDJCMKJBJ"
    Task: {044AB1AA-9116-431A-A623-D198E017187F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
    Task: {06466CBA-7D2F-454D-B0B1-8E2F9CCF67CA} - System32\Tasks\{D7493B71-DE9F-4E78-80EF-D7D45FD08C60} => C:\Games\Diablo II\Diablo II.exe
    Task: {06FFA92F-642E-43EA-8AAF-1DB67A96C456} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-08] (Hewlett-Packard)
    Task: {074FE801-7143-4784-AEF5-339EC3A6A587} - System32\Tasks\{5C57E8C2-B71C-4899-AC5D-D6A52519D813} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {081BE352-8B16-4A75-9C4D-061834E6D967} - System32\Tasks\{8E85878D-5B26-4E02-B85C-3AFF3E5DC1E9} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {0B28F9D8-7A64-4F45-9A48-9E39534D7FCE} - System32\Tasks\{42CE8CE1-BF5A-41E9-AEAF-65956A666749} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {0C34D2FA-B547-4597-BFE0-1C017381E3F2} - System32\Tasks\{6CFF694D-01E1-4DBA-9AF8-30522809005D} => C:\Games\Halo\halo.exe [2003-09-04] (Microsoft Corporation)
    Task: {0DD4B46D-0BB8-46B6-B78A-2A26F6961BD3} - System32\Tasks\{EC90FB0E-2F5F-4CD7-9ED7-1E1552914806} => C:\Games\Return to Wolfenstein\Return to Castle Wolfenstein DEMO\WolfSPDemo.exe
    Task: {0EC01673-7C83-4E80-A983-ECC9F6A5AC22} - System32\Tasks\{F86438F0-8C1A-4336-ADD8-03AB7573D075} => E:\PainkillerSetup.exe
    Task: {0F9A873C-2022-4F86-9B86-2140DC7DED7A} - System32\Tasks\{C6976054-92A4-4D7B-9B2D-05B73C68EA41} => C:\Games\Daikatana\daikatana.exe
    Task: {0FA483B9-91E4-4582-B5EB-3F195A43975D} - System32\Tasks\{21EAE0C5-03DB-4008-8DB8-76A3F5E3632E} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {0FDE7191-092F-4311-8DEC-6553D41DD056} - System32\Tasks\{235306DE-BC1B-4DFF-AA47-6C65A697CBC0} => C:\Games\Diablo II\Diablo II.exe
    Task: {10A875F7-1EDE-41AA-8765-F5B1DAD3341F} - System32\Tasks\{D2440506-206F-4B6E-AEB1-0BF3A30C70CD} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {113AF0E2-D67B-44FF-A51F-E7F0806540DA} - System32\Tasks\{EA720F53-F5BD-46FD-96DF-ADC8290C495C} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {142C3A66-5A33-419C-B1E0-DF9D3B805C6D} - System32\Tasks\{0647D68D-BAA9-4E23-91A5-984D5751BF44} => C:\Games\Halo\halo.exe [2003-09-04] (Microsoft Corporation)
    Task: {1466C1B8-D686-4594-9320-9FEE432B76BF} - System32\Tasks\{7A6E6538-0A0E-4D3B-BFCD-64BB0BD0F1EE} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {14F79C55-F558-4E4D-8B48-275842EC9E10} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {15221405-AFB9-4206-B154-6DCC2A1D90C2} - System32\Tasks\{04218AFF-A9CF-4F61-BC42-83610A0E58FB} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {15E01B57-BFD4-4D6B-A2D0-B712883AC77D} - System32\Tasks\{81CD37B6-F1B0-4947-A17C-DF090C8F6088} => C:\Games\Half Life\Half Life\Half-Life\hl.exe [2001-09-14] (Valve, L.L.C.)
    Task: {165120E1-A4EC-44F2-96E0-3C4D5E36A6EC} - System32\Tasks\{4DEBE53C-802F-42BF-AC1D-FD1DB04B0477} => C:\Games\Links 2003\LinksLauncher.exe
    Task: {16793AF1-574C-4CC7-9A4D-535D63D2A5BE} - System32\Tasks\{10FBEE51-9A6B-4115-92E3-DD5E8EC60AC2} => C:\Games\Risk 2\RiskII\RiskII.exe
    Task: {181B79E1-0C3F-49A6-B96E-020B520F3BBF} - System32\Tasks\{541DE703-CD3B-4A5C-8614-99B403F84897} => C:\Games\Rainbow 6\RainbowSix.exe [1998-09-15] ()
    Task: {18C249DA-EEAB-4C26-9EA1-E31FC980174D} - System32\Tasks\Run RoboForm Process => C:\Users\MARKFR~1\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe <==== ATTENTION
    Task: {19DDFD8C-5C1A-4114-B429-851F2412805B} - System32\Tasks\{549E0AB7-97C8-42EE-924D-5864AB59499E} => C:\Games\Archangel\bin\Game.exe
    Task: {1A02EAD4-C067-4472-9996-134071420A79} - System32\Tasks\{F2F42A2E-7A1C-4B2E-A3F9-D403D6A8000F} => E:\PainkillerSetup.exe
    Task: {1B9073EE-A2B5-4899-94E1-7776A85BA36E} - System32\Tasks\{ED64EF29-E5D6-42AC-88F7-928E04E115FA} => C:\Games\Half Life\Opposing Forces\OpFor\hl.exe [2001-04-20] (Valve, L.L.C.)
    Task: {1C2BB88E-A5D6-4E93-957F-1572A68E6AD8} - System32\Tasks\{B6F62547-A7C0-4D43-8C91-88313844CB22} => C:\Games\RiskII\RiskII.exe
    Task: {1D2676A2-237C-4C18-A1A7-7E52C9C2889F} - System32\Tasks\{BD26A867-1FB0-45C6-89A7-27D6F393056E} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {1E122CDE-2B32-45CE-ABA3-8DBB224B0F5F} - System32\Tasks\{A7C862B3-8D5C-4C6C-9438-0611C882249C} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {1E187248-3CEF-48E1-B453-E7E35BE0DBD7} - System32\Tasks\{38BF4D03-CE61-4E96-A487-F5BE82E22967} => C:\Games\Raiders\RaidersDemo\SOFRDemo.exe
    Task: {1F0BD1BA-26CB-4740-BA73-1BB11EFC820A} - System32\Tasks\{63A7C6AF-BA32-4591-910A-2CF13AE1D6DD} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {1FDE531E-7561-437B-BF92-8ECFA4695653} - System32\Tasks\{2A8D54E6-2F0B-47D8-8ABB-BA6E2D23B4B7} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {1FFD2244-B6B8-47EF-AB5B-88CA56207A8E} - System32\Tasks\{5A6C13E9-83E6-4688-8EB4-D8C0362D2EDE} => C:\Games\Diablo II\Diablo II.exe
    Task: {23223505-972D-4353-94A0-4A2E870E4362} - System32\Tasks\{8992F95E-D69C-4262-B22A-E470601E4CB2} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {2323327D-4310-4F79-8EE0-903512D540DF} - System32\Tasks\{6CE8F3FF-5CCA-44AB-BC2D-7279E07CE1DE} => C:\Games\RS Lockdown\Lockdown.exe
    Task: {241316D5-B7A9-409B-B7D8-572F1A92B0F5} - System32\Tasks\{9E3882F7-B347-4D4F-BB90-7DC0D2CF93A0} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {24998B2D-AF44-4ABD-90AA-335CBC10507D} - System32\Tasks\{FA21E9FA-2897-48C6-9677-7C3E71CA3A8A} => C:\Games\Links 2003\LinksLauncher.exe
    Task: {25AD65F7-D509-44FB-99A1-052D1C9174A8} - System32\Tasks\{3589815B-E3E9-42FE-B242-112D057F1F13} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {25FAE7E9-5D82-4485-B1A5-200E9FD3A0AA} - System32\Tasks\{8CCCF639-6A12-417A-8DDD-BDC08E25A84B} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {2724FFA6-B59E-4137-A99F-FB59FC985199} - System32\Tasks\{961D3062-D094-4FEC-A095-237B3F179362} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {285E7994-9A73-4EE7-B29D-C0DC995B9BCB} - System32\Tasks\{87544111-FE83-4325-B124-F3DB12269196} => C:\Games\Quake 4\Quake4.exe
    Task: {28B4B1AB-4227-4897-A5F8-28F88F6B233D} - System32\Tasks\{DF9CDDD7-BBA6-41C4-AA9D-D24356A03D6C} => C:\Games\Nukem Manhattan\DukeNukemMP.exe [2002-05-02] ()
    Task: {295095C6-0664-48F0-9BFE-424A7364B913} - System32\Tasks\{5AB34B02-A488-4D7B-8A27-D80B9B3D3E1F} => C:\Games\Links 2001\LinksLauncher.exe [2000-11-14] (Microsoft Corp.)
    Task: {29ECD8D3-03AB-4B53-9EFF-CAA68357C5C7} - System32\Tasks\{63FA5605-AED4-4BDA-ABD0-22BCDF95DA80} => C:\Games\Links 2001\LinksLauncher.exe [2000-11-14] (Microsoft Corp.)
    Task: {2A279509-21DF-41E3-94CC-52F2672C7F1E} - System32\Tasks\{158F349D-3B63-4C2B-8298-0E168740E602} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {2A82314E-F63C-4E4F-A8CC-331196691396} - System32\Tasks\{093BF82E-7933-48BB-A5B8-D318188F5339} => C:\Games\Halo\halo.exe [2003-09-04] (Microsoft Corporation)
    Task: {2D0D9EEE-5EEA-4A71-8ACE-66F17086808E} - System32\Tasks\{56DBF68A-30DB-4B74-96EE-D7F0F0D9E1E9} => C:\Games\Risk 2\RiskII\RiskII.exe
    Task: {2D3B5D8F-9C14-4F35-A8B6-0977B236B4D1} - System32\Tasks\{0BA8BA9C-C2E3-4D31-8B83-B34B4CC72EF5} => C:\Games\Quake 4\Quake4.exe
    Task: {306AC5E7-C53F-485C-B41C-E16C1F3325C3} - System32\Tasks\{F8E89E65-872B-446C-93F4-BE58E5F7894B} => E:\SETUP.EXE
    Task: {31DFBFB9-0BEF-4414-A3A0-B5E4D9645E05} - System32\Tasks\{33ED24AD-C985-4269-B9E0-C925CC6E194D} => C:\Games\Ghost-Graw\GRAW_PC_demo\GRAW_demo.exe
    Task: {32C205FF-E842-411C-9952-7BA728D67ED2} - System32\Tasks\{4F3C6C20-3B2C-437E-84D1-BBB0EDF0D10C} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {35BEC742-9C04-4B75-A375-8925A66FB475} - System32\Tasks\{1A01A98C-5676-4D8A-B547-B8D72B6863CE} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {35F2B146-D71A-4F80-982D-4F4ADDA5E636} - System32\Tasks\{2E0C500C-E78C-4083-BE74-6CD7A3D4198F} => C:\Games\Links 2001\LinksLauncher.exe [2000-11-14] (Microsoft Corp.)
    Task: {365A46F9-5EA1-462F-A7EE-8305FA8ADC0D} - System32\Tasks\{E7B06C45-17FF-4607-BC01-380687F6A10B} => C:\Games\Ghost-Graw\GRAW_PC_demo\GRAW_demo.exe
    Task: {38B09BFE-07E8-4A90-B056-974A14029C5C} - System32\Tasks\{2AA8D942-726A-4071-9E6A-B8238E97C579} => C:\Games\Raiders\RaidersDemo\SOFRDemo.exe
    Task: {38DD8C7E-F9C4-4DEA-8CBE-F7F2497843FA} - System32\Tasks\{B3A77C92-DA8C-4DFF-87AC-D011BDB1C16E} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {3A11347F-265B-4C0F-8E56-8AC5DE55307E} - System32\Tasks\{AE48FB83-C797-4167-8BBA-39EF2494C533} => C:\Program Files (x86)\Doom 3 Demo\Doom3.exe
    Task: {3B08829A-0D84-4DE0-A96B-222B7F4DE15B} - System32\Tasks\HPCeeScheduleForMark Fruehling => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {3B329884-0CFF-44A4-B7EE-4763C9A7C541} - System32\Tasks\{A5B3B50B-76D3-413E-92CE-00018CDCB091} => C:\Games\Diablo II\Diablo II.exe
    Task: {3B704C1F-9627-4D83-A827-5AEA1FF383D7} - System32\Tasks\{3CDCB72B-DE71-45E9-ABAC-FDF361C7CB81} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {3C01836A-B6E5-404E-B272-7C8D38960D23} - System32\Tasks\{763DF7BB-A894-49D0-8B7F-CAD01AFEB815} => C:\Games\Doom 3\Doom 3 Demo\Doom3.exe
    Task: {3C209F24-016C-4E60-B9F5-1CB649D5D14A} - System32\Tasks\{A159E5B7-372D-40FC-BABE-BC7E288670BA} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {3D1E2BFB-65C8-4C28-B9A3-5F68146641B7} - System32\Tasks\{95CFFD2F-82F8-4169-A923-D427BA625048} => E:\setup.exe
    Task: {3DF5EF8C-D920-40E6-AA8C-76445EDECB77} - System32\Tasks\{D73A239E-2FD9-44B5-9937-4B736C4771B0} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {3DF76373-2296-47C3-A0E6-8EE64AC0D591} - System32\Tasks\{F9E691E6-0643-4E7C-BDC9-5EE2CF1E4D2C} => C:\Games\Half Life\Half Life\Half-Life\hl.exe [2001-09-14] (Valve, L.L.C.)
    Task: {3E8246E6-794B-42C5-8CED-5CD7FD71AF23} - System32\Tasks\{8C8463BB-BD6B-43DD-BF86-D4575F509EA8} => C:\Games\Rainbow 6\RainbowSix.exe [1998-09-15] ()
    Task: {3E855FC1-278C-479E-B989-E0B61638EDBE} - System32\Tasks\{42FCFFC7-9E43-4700-9D92-AF2295D91DBC} => C:\Games\Undying\System\Undying.exe [2001-01-26] ()
    Task: {3F4654FE-9058-4A96-827D-2EA1A5FD622D} - System32\Tasks\{BC4D6765-1BF0-49EF-A40A-0C7514B4C3C2} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {3FC776F8-6474-4876-9C7C-97B387870531} - System32\Tasks\{76AEF90F-73A2-494D-BEF9-FFE54880EDA3} => C:\Games\Delta Force\Df.exe [1999-02-19] ()
    Task: {4116F9E7-C2A2-43D4-87FD-978B783ACAAF} - System32\Tasks\{64341BEF-72B4-496D-A70C-E8844E06BB5A} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {423542CE-6A1F-4A8A-B8A7-903D3C30C50F} - System32\Tasks\{9DA52046-4AA6-4625-9C3B-4F08C1B494E4} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {429343E3-2C06-4F3E-9E3B-DF3B5E0FEF22} - System32\Tasks\{CAED890B-4826-4C76-9F56-85600D9FEA87} => C:\Games\Pure Sudoku\PureSudoku.exe
    Task: {4298377F-FA20-4C37-9F9C-444620ACB1AE} - System32\Tasks\{418F64E7-E43E-41FF-800A-B9221DC7FDB7} => C:\Games\Halo\halo.exe [2003-09-04] (Microsoft Corporation)
    Task: {431AAFBC-A48B-4A70-A18F-3A2BBD9773D8} - System32\Tasks\{C3EECAEC-6EEE-4B53-B313-1B92BD393EEA} => C:\Games\Rainbow 6\Raven Shield Single Player Demo\system\RavenShield.exe
    Task: {4460506E-D191-4B7C-A567-50204B9FACA4} - System32\Tasks\{CC46F1EC-F510-4E30-8B9C-75A519A936CF} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {44B1243E-C931-47FC-8FD5-3426D1B8BB3D} - System32\Tasks\{15A36ABF-2B6C-4856-9DD9-172930FC1C8B} => C:\Games\Archangel\bin\Game.exe
    Task: {45BC68D9-AE07-495E-853A-02C069EFC876} - System32\Tasks\{53A8AD0E-DA35-40C4-A166-B79D9BD1BCEA} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {47BCF5FD-7783-4B87-B34A-F105F0087DD9} - System32\Tasks\{158B20E8-52C7-4E20-8D96-096F7F371228} => E:\setup.exe
    Task: {48F5F9A9-A344-47DA-A5FB-1016945D0FFB} - System32\Tasks\{BD51E997-0637-4A36-AA03-D2F0D10A87AE} => C:\Games\Halo\halo.exe [2003-09-04] (Microsoft Corporation)
    Task: {4AD2D016-CA6D-4E78-86EF-4E97CA72A3A8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-11] (Symantec Corporation)
    Task: {4C54CE25-684F-476D-9CEB-7B5F8B9E66AB} - System32\Tasks\{BDB7FBDE-529F-4B6C-BF38-2F10AB137CCB} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {4E216513-FF35-471A-A9D9-5C1D1E95D3FE} - System32\Tasks\{5365B520-9788-437C-A21B-F2CB357D57BE} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {4E5A1AA3-6A0E-44E7-BAB6-AEA5000BF2F6} - System32\Tasks\{C3B931B2-E644-4555-9914-2CC7FCC31FEF} => C:\Games\Undying\System\Undying.exe [2001-01-26] ()
    Task: {4E75259C-E2C3-4997-94BF-EBB15D0B92E4} - System32\Tasks\{C4666E3C-8936-45D6-9C12-34401C149275} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {4EB72857-0ECD-476A-829A-9D1B54AF4CD4} - System32\Tasks\{45EAB627-F35A-40A2-A688-27DAA51ACE96} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {5009CB5C-12AC-40A0-9309-625E47E80BDB} - System32\Tasks\{11155245-C649-41B7-A5BA-817ACECE6036} => C:\Games\Undying\System\Undying.exe [2001-01-26] ()
    Task: {538D74D9-00FF-4642-8FFD-8C1763CE502C} - System32\Tasks\{3AE829C3-2444-48F7-88E2-F4835193ED86} => C:\Games\Quake 4\Quake4.exe
    Task: {551D1E77-9CE5-454F-9C15-10A73FF766FD} - System32\Tasks\{2B7EBFA0-3E95-4FC3-8D60-3C5F3DABF6A3} => C:\Games\Black &amp; White\runblack.exe
    Task: {5698B9F9-ADEE-480D-9999-A1A3A5175970} - System32\Tasks\{5408A2AA-5FEB-4B07-A51D-282726526348} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {56AEE2E5-CD63-41B3-8076-48BD17836AD8} - System32\Tasks\{FF2AEB86-EE5E-418C-B408-E2C23828D267} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {57D54556-0A54-4A14-8BAA-3BA0BF07AC75} - System32\Tasks\{83530B36-E083-41EE-8C95-8CF04A31945C} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {57DBC0D8-0323-4FBF-A1FB-A1C8451F9603} - System32\Tasks\{BC688DAD-619D-4159-80BF-3D0A74170590} => C:\Games\Doom 3 Demo\Doom3.exe
    Task: {59569283-2903-44E5-9415-A9AB7EAE7BF3} - System32\Tasks\{DBA4DDCE-0E1D-4C88-B2A9-11B177063E5B} => C:\Games\Doom 3\Doom 3 Demo\Doom3.exe
    Task: {5A18BDEE-3FEE-4727-83EF-572CAA37A1BB} - System32\Tasks\{BAC5F6C7-CFA3-4F84-A223-D955E132506C} => C:\Games\Quake 4\Quake4.exe
    Task: {5A546B40-4FF4-454B-9DC2-2B36611A009E} - System32\Tasks\{B210495F-6257-40ED-99D7-DA74F4BF8DD6} => C:\Games\DF Black Hawk Down\dfbhdd.exe
    Task: {5AC02592-F10E-4FAD-93CD-785E169EEC52} - System32\Tasks\{0CF8A41F-C279-4691-89D7-867E9A6E6185} => E:\setup.exe
    Task: {5BC71E22-9994-4AA7-92EB-BE38565ADF2D} - System32\Tasks\{F57B2B05-90DB-45CB-8A06-E0EE5FB3F748} => C:\Games\Return to Wolfenstein\Return to Castle Wolfenstein DEMO\WolfSPDemo.exe
    Task: {5BF154A3-5E44-41C1-A449-41C392AD585E} - System32\Tasks\{7B39EC85-4ADC-48BE-B52D-503050623BF9} => C:\Games\Call Of Duty\CoDSP.exe
    Task: {5C37BC1C-6067-4441-8F32-C66B01F6E579} - System32\Tasks\{C8F7CFDC-2F4B-425E-9CD2-6A01A2D32EB4} => C:\Games\Nukem Manhattan\DukeNukemMP.exe [2002-05-02] ()
    Task: {5C4A865D-DDCE-429E-BF39-9294D0CBF1AB} - \dsmonitor No Task File <==== ATTENTION
    Task: {5D20F672-64F4-4A14-8B36-C225404C170E} - System32\Tasks\{D43315C5-3733-4C67-9F21-3C7EFFC56F32} => C:\Games\X-Com Enforcer\X-Com Enforcer\System\xcom.exe
    Task: {5DB4E2A9-99D2-40A5-951B-CFF9F59363A3} - System32\Tasks\{F4B04656-8D0F-4236-A01F-9AE7404DBEE5} => C:\Games\Doom 3 Demo\Doom3.exe
    Task: {5E276043-9160-4E02-A756-4CC359D35A6D} - System32\Tasks\{74FF65E2-0AD7-4FCC-A2BE-F204A1B7C3B5} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {5E28EFD4-18A7-4148-B75E-F859B966EF17} - System32\Tasks\{970249A3-71CA-450C-8DED-DC5989530C12} => C:\Games\Delta Force\Df.exe [1999-02-19] ()
    Task: {61DDCD9A-EDE3-4F2A-AFC1-2F54BC7BC40A} - System32\Tasks\{745E16A9-5540-42C3-8957-2D0E43E9E817} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {636C23C0-7643-4B5E-A9DB-755077D25FBA} - System32\Tasks\{64A1468C-F395-4F32-BD7E-88B994CD984A} => C:\Games\Delta Force Xtreme\DFXDemo.exe
    Task: {6434E0AF-4079-4625-9647-58D542CAAC49} - System32\Tasks\{A439E7EE-35F9-4EC8-A009-5A3646808130} => C:\Games\Ghost-Graw\GRAW_PC_demo\GRAW_demo.exe
    Task: {655160DD-DC77-4694-89A0-A9F86AD994AB} - System32\Tasks\{6A05DEF8-424E-4E78-A5EB-48360C74C85E} => C:\Games\Nascar Thunder 2003\NASCAR_Thunder_2003_Demo.exe
    Task: {67750EBD-2440-45C3-94CA-B9345CB50333} - System32\Tasks\{DEF79C18-00ED-49DC-BB6F-2C7F5420A9F5} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {695B267B-C976-4A17-9627-6BE5A99B8025} - System32\Tasks\{3CC19815-B5E8-42A8-A0B9-0E37E21D28A9} => C:\Games\RiskII\RiskII.exe
    Task: {6B1CADF4-6D98-4D9A-9B7C-5132D992A10B} - System32\Tasks\{52A04CD2-E39B-4613-82F9-D44AC10CA7EB} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {6B2BFBC9-16CC-4E4D-AEB3-87C4980813C6} - System32\Tasks\{4D5F7D8B-AAC6-4388-9FFF-9B127A5889E2} => C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
    Task: {6B7F4B3B-5236-4D25-A9F6-A807A55F368D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {6D48676F-5516-4BCD-8126-6BCA14D09EA0} - System32\Tasks\{28B97773-C609-4305-AB22-69C33E2B89C5} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {6ED0BCCB-3054-4628-B251-A311F7F6756E} - System32\Tasks\{E1DA3684-3D5D-470B-8C4C-58DAEF11C833} => C:\Games\Archangel\bin\Game.exe
    Task: {6F8B42AD-65E5-4177-A52A-31C75DC76CED} - System32\Tasks\{604F116B-5A13-48FC-ACF8-8CE6D739260A} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {7058D7C1-5A85-460C-BA83-825E4960A150} - System32\Tasks\{C7569741-BC23-445F-9D3B-9F139F9633EA} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {72EFA082-C15E-4023-933D-C131A1C39A74} - System32\Tasks\{6B24A5AA-87D4-4295-B9BD-808D9A5C4FC5} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {754BAEDC-4CCA-4F6F-BAE9-627359977FDF} - System32\Tasks\{C9D0B0F9-8953-4231-9E24-ED754B0E0652} => C:\Games\Halo\halo.exe [2003-09-04] (Microsoft Corporation)
    Task: {77F836E6-0041-420B-8AC5-B67003E1ECBA} - System32\Tasks\{82778454-0A14-4EE4-B81B-F481B02E77F3} => C:\Games\Halo\halo.exe [2003-09-04] (Microsoft Corporation)
    Task: {7A5CC916-EB68-4561-85DB-C053DB73CB7B} - System32\Tasks\{45CFF0D2-D530-4334-A673-AF22BA242BEE} => C:\Games\Undying\System\Undying.exe [2001-01-26] ()
    Task: {7A9484B3-21D8-4304-B4C8-4DE09253A36B} - System32\Tasks\{409EC6A0-0AAB-4EBB-88F3-A7473C5504B5} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {7B3A1E15-D10D-4CFD-B7A1-41C5013BB64B} - System32\Tasks\{EE5119B6-70CC-45EC-A7FC-5364350F6453} => C:\Games\Halo\halo.exe [2003-09-04] (Microsoft Corporation)
    Task: {7D3D6DBC-9617-470C-A1B8-F4C944C905E1} - System32\Tasks\{0D904D6C-C856-4514-AEA2-6E03544073E4} => C:\Games\Links 2001\LinksLauncher.exe [2000-11-14] (Microsoft Corp.)
    Task: {7D72DECD-7950-42E9-B3C1-8F7AD4F37A37} - System32\Tasks\{8507AD6B-75D5-4662-A942-5809C09349AE} => E:\Painkiller_BOOH.exe
    Task: {7D94EEC5-4DF0-470F-A97F-A1EC3430F89D} - System32\Tasks\{CE270619-FCE2-4526-B99B-880F565089EA} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {7EB0CD3C-A322-4266-ADCB-8F451E4E76E9} - System32\Tasks\{A1BD1E65-0872-4528-82CC-649F63976E82} => C:\Games\Quake 4\Quake4.exe
    Task: {812C64F0-32A6-4821-B71B-D826D4F08E0F} - System32\Tasks\{6ECE0108-C2D0-4750-89BC-2B635FE35BF4} => C:\Games\Daikatana\daikatana.exe
    Task: {819D991F-448B-4D09-A485-15F46A5BBB3A} - System32\Tasks\{0725B3FE-57B6-47EC-BF44-EAF295CF42EB} => C:\Games\MVP Baseball 2003\mvp2003.exe [2003-03-07] ()
    Task: {81E6B26C-BFEF-4278-AEB6-54A45C88D97D} - System32\Tasks\{F667AD0D-838B-4B36-8D02-AF4C5AD4908D} => C:\Games\RiskII\RiskII.exe
    Task: {82221CA7-F2FB-4969-8DE1-42653738DC79} - System32\Tasks\{68C3A782-9415-44BD-A929-425FB5278014} => C:\Games\Halo\halo.exe [2003-09-04] (Microsoft Corporation)
    Task: {82D635F3-9793-4255-A9DA-4613DD596442} - System32\Tasks\{AD23FD96-96DB-42C3-9887-806F80899F33} => C:\Program Files (x86)\Beetle Buggin'\beetle.exe [2010-01-26] (Efecto Caos S.L.)
    Task: {834C5004-56D5-45F4-8B8D-ACC3A6A2E124} - System32\Tasks\{C7399E6E-E93D-4018-946C-269774500F8C} => C:\Games\X-Com Enforcer\X-Com Enforcer\System\xcom.exe
    Task: {841D3FE3-3AB6-4F2C-B4CA-39526A6BA9CF} - System32\Tasks\{0AD17D6D-82B7-4548-A862-615DD2F55D8E} => C:\Games\Gunman\Gunman\gunman.exe [2000-11-12] (Rewolf)
    Task: {85F345D3-671C-4EEB-AB33-561C2BEC0994} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {861C284A-DDCF-4FF2-A5B3-A018179AC107} - System32\Tasks\{E13C8A2F-D98A-4658-B22A-03F42EA8959D} => C:\Games\Undying\System\Undying.exe [2001-01-26] ()
    Task: {874D69E6-1E40-49A8-B2FE-37BD6DE5644C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {8754FF3C-BC87-4264-ACBA-D153E4E4A96B} - System32\Tasks\{BC42ECE1-3246-4446-96CA-83E9BA84C18C} => C:\Games\Half Life\Blue Shift\Blue-Shift\bshift.exe [2001-04-20] (Valve, L.L.C.)
    Task: {87596F8E-FB74-46DE-BF88-5F7938A06168} - System32\Tasks\{A5F01FF5-B50B-4E1C-8DC5-F0B0DAFCF4A4} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {8951572E-D9B9-4EE9-9AFA-EEA4EA2B46F5} - System32\Tasks\{53ACFA56-FA37-4B77-96F0-35382ABBC3D0} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {8B4CD0D4-8B22-4248-A3BE-02078A2D1422} - System32\Tasks\{7A298186-90F9-47F1-BDD9-8DB1F65A4EEB} => C:\Program Files (x86)\Doom 3 Demo\Doom3.exe
    Task: {8D11F619-6714-4B18-8ED9-98AD7F98B8CA} - System32\Tasks\{FB268BC3-88EE-4153-9433-B6AFF825AAF4} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {8DFD5CE3-B889-4439-83E7-D838CA816630} - System32\Tasks\{D93B2A40-A706-444E-AA70-08B1B4C076AC} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {8ED37AEA-690F-44C9-837D-CF3F6263CE61} - System32\Tasks\{4CABDAD1-988A-4178-84DA-634B0576F56D} => C:\Games\RiskII\RiskII.exe
    Task: {8F994380-C15F-40FA-8BDB-D116F1B888F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {9072E7A3-7108-4F1A-A8F2-098DA5B42E15} - System32\Tasks\{985FC92D-3B30-4E33-8FA7-597B2E58CA6D} => C:\Games\Doom 3 Demo\Doom3.exe
    Task: {911CFD23-500C-4FF9-ADA4-251822BB286D} - System32\Tasks\{F4FDF1D2-D63A-41DA-AF3E-4DF5F6B80C2A} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {91AEF6A7-539A-44CD-B79C-A38E334F72A9} - System32\Tasks\{9F9D7744-5955-4E8E-BC28-0A7923623043} => C:\Games\DF Black Hawk Down\dfbhdd.exe
    Task: {94EB8152-150B-4692-9815-D251FBD1D85C} - System32\Tasks\{9C0BD239-572B-4977-A2C4-360AE2BDB2B2} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {96C7FE2B-4E5B-4159-B1CB-33AF451A93BE} - System32\Tasks\{DD3C3CE8-BE8C-44FF-9E36-48C891FA143C} => C:\Games\Rainbow 6\RainbowSix.exe [1998-09-15] ()
    Task: {9745F3A0-4556-4FB2-A1A2-8AC2AF2FE5AD} - System32\Tasks\{E4085DD6-6D53-439A-9E49-188B07CC3510} => C:\Games\Return to Wolfenstein\Return to Castle Wolfenstein DEMO\WolfSPDemo.exe
    Task: {98710BA7-4959-4AB7-B003-F43043B2C0E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {98A7CBC7-BD6E-4330-B0FF-DC301075FAFF} - System32\Tasks\{0CE281E9-B321-4670-AFC7-678ECD2BA27D} => E:\PainkillerSetup.exe
    Task: {9909A606-29BC-4807-8A43-742D450C6E7D} - System32\Tasks\{1DFCE728-FADF-4746-8697-AA3848F864D3} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {9B9F1731-A7D8-4D73-AA3D-BC92A510ED92} - System32\Tasks\{36D712B0-9E98-482B-8031-2BCF10088F92} => C:\Games\Rainbow 6\RainbowSix.exe [1998-09-15] ()
    Task: {9BC7DC30-4DD7-4E82-A4ED-2E31D15F788C} - System32\Tasks\{0AF82B01-2E5C-401B-8B88-130DBD45BCF7} => C:\Games\Doom 3 Demo\Doom3.exe
    Task: {9CAD780C-FA3D-4081-BEB6-DBDF07C0E691} - System32\Tasks\{2B140CB2-1BE2-479C-B721-F5D10249C97E} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {9E674FA0-EED1-4DA8-A9DD-123900D95978} - System32\Tasks\{99F8D0D4-3E04-4999-85BA-75A5968BD0C3} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {A067AA63-935F-4F72-96E9-E5B3C3D14195} - System32\Tasks\{0819DBAD-E634-4433-8F62-33B3D6EA24C9} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {A1B52636-AC77-4746-A586-19CD653D87B0} - System32\Tasks\{A5DDE846-638A-4E26-A852-716794BECDFD} => F:\Downloads\012710\AddictionDemo.exe
    Task: {A1D9C03A-B26D-4CAB-9C4E-E9F2AF75431E} - System32\Tasks\{0F11EC16-A81C-4116-88F1-3AF45E19F47F} => E:\setup.exe
    Task: {A25EBC02-E0BA-421C-AC4B-3F06030B05B9} - System32\Tasks\{D3AF0B88-ED14-481A-87DB-F1BB0B777267} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {A3EEAC60-F05E-4F0F-945F-37F6239C081E} - System32\Tasks\{28F7F17E-B853-40FD-8685-68F5E78CC494} => C:\Games\Diablo II\Diablo II.exe
    Task: {A44BD0D8-9B3C-435C-AFF1-146233F8DD6F} - System32\Tasks\{C88066FB-9348-4B75-A4D2-6B7D118C49CB} => C:\Games\Doom 3\Doom 3 Demo\Doom3.exe
    Task: {A48BE571-C552-4CEB-AF1E-64954959A137} - System32\Tasks\{CDB227B5-76D9-49E6-8A1C-D29107983892} => C:\Games\MVP Baseball 2003\mvp2003.exe [2003-03-07] ()
    Task: {A572E001-282C-4943-9835-18B64F40B548} - System32\Tasks\{EFE1BFF7-22F8-4152-9E2D-142C6D5007AA} => C:\Windows\IsUninst.exe [1998-10-29] (InstallShield Software Corporation)
    Task: {A625E34E-4E46-4CD9-8122-1D498526A1CD} - System32\Tasks\{D060D517-345E-470B-A1DE-89A21A6CC1A5} => C:\Games\Doom 3\Doom 3 Demo\Doom3.exe
    Task: {A66BBD78-EE7C-42DB-B382-865F38B952A3} - System32\Tasks\{A1CB51A3-77DD-4113-91E2-20616D8D2211} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {A848CD5D-4857-4A49-85A0-12A89277BD3F} - System32\Tasks\{A869A5C9-693E-4124-838A-84F8CC2BAF97} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {A94E0923-4A7F-49C3-AEBB-5D86E5A9FAA2} - System32\Tasks\{CB0F03DA-3494-4671-9D1B-0B5159587744} => C:\Games\Quake 4\Quake4.exe
    Task: {A95F2024-81E4-4D12-B7A8-F3ED65C7B03A} - System32\Tasks\{7F0325C6-0E06-4BDC-A3CC-785DD35DCAFA} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {AA1FCE12-17AC-499E-B56F-3FC54170CE38} - System32\Tasks\{3B0C8662-DD40-441E-BE89-3F1CB9D0A2EF} => C:\Games\Nukem Manhattan\DukeNukemMP.exe [2002-05-02] ()
    Task: {AA320F71-2BCA-423B-81F8-0C88565DC684} - System32\Tasks\{EA17DC41-8C07-40F4-994F-E87FA1740B1D} => C:\Games\Rainbow 6\RainbowSix.exe [1998-09-15] ()
    Task: {AA5820D0-9351-4CD0-B723-AE6876B442A9} - \YourFile Update No Task File <==== ATTENTION
    Task: {AACD2312-CA41-43EF-8442-AAA0A24EEC06} - System32\Tasks\{5A9231DC-5125-4B80-8B81-73FC123809CB} => C:\Program Files (x86)\Doom 3 Demo\Doom3.exe
    Task: {AD4E086E-D2D8-4B4E-A12C-195E74AC73C2} - System32\Tasks\{3550D480-1756-4DA4-8733-7EBA467C67F1} => E:\Painkiller_BOOH.exe
    Task: {AD50F888-ECF3-4BB1-AA25-DA1498E74B68} - System32\Tasks\{18A082DF-8D51-4B55-9DE1-575A58DA652D} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {AD58245B-1C15-45AE-8C4D-509A1681DC7D} - System32\Tasks\{64578691-0E00-411E-A9D3-C96CFFC5B15F} => C:\Games\Undying\System\Undying.exe [2001-01-26] ()
    Task: {AE0B3D53-1C7C-414B-AB1E-963ACA1CE2B7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {AE105D43-02FB-49C6-A2FA-E25F043F4D4D} - System32\Tasks\{FFB8F020-185A-4FA3-9918-87EAAF22B8B6} => C:\Games\Links 2003\LinksLauncher.exe
    Task: {AE21DDAD-1CBC-4069-97FF-F993A1278A8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05] (Google Inc.)
    Task: {B1B31152-F1D4-44DE-9D6E-AB09E7D1AA0E} - System32\Tasks\{B2AACD81-D488-4372-93F9-4A58C4FFF029} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {B28F2041-D71F-4EDD-BDBB-B67EEDE38664} - System32\Tasks\{C8AD1DBF-4878-4940-803F-12BFC64F3B38} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {B3FEB538-FBB5-44CF-9AEF-C37301F97CA3} - System32\Tasks\{3685C70E-6733-4B20-99AB-04CBF5726131} => C:\Games\Undying\System\Undying.exe [2001-01-26] ()
    Task: {B428A7E5-6861-42D3-B78E-5E00CBEB342F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05] (Google Inc.)
    Task: {B4F1F45A-F674-4A4F-AC4B-0F3A369EAD33} - System32\Tasks\{1BB7C7F2-BF6F-4031-B364-820D30727556} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {B60E8704-82D3-4E58-920D-73CB5A641DD3} - System32\Tasks\{348DD1C6-58D7-40F5-9250-8505FEC8BCBA} => C:\Games\RiskII\RiskII.exe
    Task: {B6871B92-0B59-4F7E-BFBF-F62F872E75AB} - System32\Tasks\{921567DE-E324-4473-AA8B-A80C9AAE4BC8} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {BA3533CD-3650-43A8-8E61-C091EF557DB0} - System32\Tasks\{72206003-5489-4127-A63D-65A9A4D70070} => C:\Program Files (x86)\Doom 3 Demo\Doom3.exe
    Task: {BAB961C7-DC6B-41DC-BEF6-2C9CAEC8BE90} - System32\Tasks\{789D9143-C5DA-45D3-95AF-2E8B6C9E14F2} => C:\Games\Undying\System\Undying.exe [2001-01-26] ()
    Task: {BB2080CD-98C7-441C-8F12-112BEF354442} - System32\Tasks\{A4994CB4-EDA3-4094-B63C-B90DACCA51B2} => C:\Games\Doom 3\Doom 3 Demo\Doom3.exe
    Task: {BD4825C6-6B35-40C0-B729-6E22E8B78ABF} - System32\Tasks\{3EBD1666-BDB8-466A-A635-0A75DEB25A9A} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {BE3E054B-987D-4145-89F5-BAA6E1F3DC39} - System32\Tasks\{613658B9-C08E-48D0-BF1A-705ACFC64DF4} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {C082D9EF-87A8-47A4-BD88-A3E5E6197C30} - System32\Tasks\{B6E735AE-2277-4ABA-AB0D-74CC7B20F893} => C:\Games\Quake 4\Quake4.exe
    Task: {C09D515C-871B-418D-A574-3014C7FAE48F} - System32\Tasks\{21580FDD-E14A-45FD-9EC6-80A9E22A2191} => C:\Games\Ghost-Graw\GRAW_PC_demo\GRAW_demo.exe
    Task: {C16EA49F-D570-47BD-97E8-E5356D0C8E1E} - System32\Tasks\{D028CE1E-155E-41A2-A7BF-48B8A64D1350} => C:\Games\Risk 2\RiskII\RiskII.exe
    Task: {C257F359-D9B8-43C9-A534-E429E3D8CCA9} - System32\Tasks\{7BF854B1-69A4-4D24-9EF3-E18A14AA9C8F} => C:\Games\SOF 2\SoF2.exe [2002-05-03] ()
    Task: {C29056E9-9AF3-45BF-800A-1E11759E37F4} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
    Task: {C4B16FBA-C3FA-4674-84B9-2A0AE819A983} - System32\Tasks\{8539ADB4-340E-4BD9-A5EE-3FDCBD056B6B} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {C4E94310-5178-4237-BA8A-5DDF14BA2D7A} - System32\Tasks\{A84E2E8C-056C-48FA-86CC-3FCF386D2508} => C:\Games\Rainbow 6\RainbowSix.exe [1998-09-15] ()
    Task: {C710ABB5-AC54-4524-AF7C-864BF0195FCB} - System32\Tasks\{A7925A5E-5217-4628-8E96-7613440AC901} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {C793361F-31A1-43DE-B202-0041ABFDD49A} - System32\Tasks\{7D38B981-5CBD-49DE-8314-8A068B55384B} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {C955CDD9-F0F7-4982-B6D7-022BC313EA5A} - System32\Tasks\{92912CD4-F3F9-4927-AB00-E243492FFEE5} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {CB249688-D39A-41F1-875A-2B035920FB8B} - System32\Tasks\{D643E949-69E4-4E4C-BC80-D61A4B2767DC} => C:\Games\Return to Wolfenstein\Return to Castle Wolfenstein DEMO\WolfSPDemo.exe
    Task: {CC7154C6-6D24-455B-BC2C-93B861026820} - System32\Tasks\{568E72A1-AC88-4EE2-8342-4267B54C81AA} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {CD15BBEF-12AA-4977-BB7A-A2E66EAB5798} - System32\Tasks\{1EB1157B-3BD7-484A-AA09-585D0960A019} => C:\Program Files (x86)\Beetle Buggin'\beetle.exe [2010-01-26] (Efecto Caos S.L.)
    Task: {CDA825F9-3519-40B6-9908-12FB6764225E} - System32\Tasks\{C6ABAEB6-9BC1-4CE4-AF71-340C2C44F026} => C:\Games\Links 2001\LinksLauncher.exe [2000-11-14] (Microsoft Corp.)
    Task: {CE19847D-BEE9-4E5C-9AC1-BBDD68D7D014} - System32\Tasks\{2905786C-7AC4-48F6-9FC3-FDE32EA9302D} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {D0DA055C-BAD1-4ECF-8B44-E1794CA7D3BF} - System32\Tasks\{CA12EFAA-39DD-40EC-9B4D-7422B697E41B} => C:\Games\Quake 4\Quake4.exe
    Task: {D16E4888-C106-45ED-BA4A-3DB503F144C3} - System32\Tasks\{DB302EDA-DE10-4864-8753-954EA9A4471F} => C:\Games\Civ 3\Civ3Edit.exe [2002-06-28] (FIRAXIS Games, Inc.)
    Task: {D48D7123-267A-4F61-BE36-4AF70A306584} - System32\Tasks\{4070ED18-07EF-4CA2-AE00-7541090BF6F9} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {D59748BF-BEEB-42BA-8712-471825EDEDED} - System32\Tasks\{27424D4A-9DF1-4A06-B016-546462D012E2} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {D5D8FF05-5BFB-4BE5-9158-49CFF1FEEB78} - System32\Tasks\{E7F115EB-8E3A-493E-B248-4F9B4484624D} => C:\Games\MVP Baseball 2003\mvp2003.exe [2003-03-07] ()
    Task: {D66002FF-3D2C-4D99-99CB-913156152C95} - System32\Tasks\{A65ABCF2-0359-4D38-AC79-00B9052A7C8B} => C:\Games\Quake 4\Quake4.exe
    Task: {D7694CBA-9E1D-423C-B1DB-C8465D171034} - System32\Tasks\{DBDD6A90-C847-483E-B26E-E0578E40989A} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {D8A137B7-ECF9-42FF-B99A-D1EFEAE69E9A} - System32\Tasks\{EC68295C-7926-47F6-AFDB-B67ADF0B0F22} => C:\Program Files (x86)\Beetle Buggin'\beetle.exe [2010-01-26] (Efecto Caos S.L.)
    Task: {D970309D-F5D0-4E9D-983A-B99AC566BF98} - System32\Tasks\{B3C83705-667A-4ADE-AD5C-B80843255CB5} => C:\Games\X-Com Enforcer\System\xcom.exe
    Task: {DA15CD77-1FC6-4B0B-B5ED-FF23C13C835B} - System32\Tasks\{380A83D8-AF61-4201-B49D-0DE8207FF510} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {DB5D7C43-6FD7-4481-9853-FD0DE7B819E3} - System32\Tasks\{3EBFB954-9A2E-48E4-B032-7144FBAC8310} => C:\Games\Rainbow 6\Raven Shield Single Player Demo\system\RavenShield.exe
    Task: {DCE10CF1-D8C2-4227-95F2-4A7553D039DE} - System32\Tasks\{9956A125-124E-48E6-878E-277E23932DB9} => C:\Program Files (x86)\Uniblue\DriverScanner\Launcher.exe
    Task: {DF4091E0-996B-4751-B523-90DF7E01CB2E} - System32\Tasks\{5D040087-0125-426C-BB8D-97854EBBA1DF} => C:\Games\Return to Wolfenstein\Return to Castle Wolfenstein DEMO\WolfSPDemo.exe
    Task: {DF92E203-C988-4D9D-ABE5-37ADEDFCB8FC} - System32\Tasks\{CED4883C-D2D9-4CF1-BD73-7B67201F48BA} => C:\Games\Links 2001\LinksLauncher.exe [2000-11-14] (Microsoft Corp.)
    Task: {E063E69F-43E1-499F-B630-4D647A9A627A} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
    Task: {E0E10624-384B-4823-A7A5-71B8B65CF8EA} - System32\Tasks\{C78BFED0-757E-41F7-8972-17BA1FAAC21E} => C:\Games\Links 2001\LinksLauncher.exe [2000-11-14] (Microsoft Corp.)
    Task: {E10FDCCE-D584-483E-A133-BB0A5005B0DA} - System32\Tasks\{86EF707C-7230-4CBB-A353-3EACB5EA3A50} => C:\Games\Nukem Manhattan\DukeNukemMP.exe [2002-05-02] ()
    Task: {E2266CEE-4E18-4A39-80E8-EFD7AF9DEDB8} - System32\Tasks\{0161E857-128B-47DB-9ACC-3B913EFE576A} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {E5350F0D-CC6F-46C2-BFDF-9045DB694515} - System32\Tasks\{20C722E8-27A9-4712-A572-AA5649783748} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {E70A1823-285A-42CC-AF52-3578BBDACB0B} - System32\Tasks\{02C59D02-30EF-4FF8-A037-680D67242B26} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {E8CCFF2F-3D49-46ED-AB2A-8DDF6437BB16} - System32\Tasks\{394C0CB1-C666-4CC7-B5C1-A7D290688075} => C:\Games\Daikatana\daikatana.exe
    Task: {E98FC6C2-450D-4DF4-BEAA-F91816461B00} - System32\Tasks\{794D2F6A-5225-4AB3-9371-8CE4A908C312} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {EB1B1009-3DA2-4566-8C53-6D85869F2E42} - System32\Tasks\{2DB2F56C-42E0-4290-B694-B0DADB7B51C7} => C:\Games\Heretic 2\Heretic2.exe [1999-05-17] (Raven Software)
    Task: {EB9ED9E9-94DA-4CC4-8D1F-0B953353D602} - System32\Tasks\{561D6A19-9FFF-491B-AB03-BD13449E3212} => C:\Games\Rainbow 6\RainbowSix.exe [1998-09-15] ()
    Task: {ECAF8DA4-0301-4F2C-9236-2EDF4C5CCF37} - System32\Tasks\{1BA4802E-1C30-4E94-BE3A-11975A69D5ED} => C:\Games\Doom 3\Doom 3 Demo\Doom3.exe
    Task: {ECB8271B-79A6-4560-975A-7DBBE393C8CF} - System32\Tasks\{8005A221-C048-47C3-BF77-93D69AD1A889} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {ED1877EE-A382-4F8A-A913-02C25C09A3F1} - System32\Tasks\{47F776AD-08E7-453E-8F38-7579291E1478} => C:\Games\Undying\System\Undying.exe [2001-01-26] ()
    Task: {EF907569-2A41-4D15-8A23-1808B3C5C2CC} - System32\Tasks\{DFABCF80-181F-46BD-99C6-D52FAE0909BB} => C:\Games\Rainbow 6\Raven Shield Single Player Demo\system\RavenShield.exe
    Task: {F16C28FF-5EB1-427A-9F88-6BDF668CC125} - System32\Tasks\{9B4DBEE7-A791-4FF3-B603-C72AAD4E6483} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {F24F74D5-89AD-4309-B9F3-829FABCB7C78} - System32\Tasks\{072B0073-8F34-4E80-9184-7011DFF677F5} => C:\Games\Painkiller\Bin\Painkiller.exe [2004-11-12] (People Can Fly)
    Task: {F3BFDFCB-DA48-4FB8-BE66-4BA2C9CD3E50} - System32\Tasks\{E88A0FEF-89AD-44FD-9444-E66D03D834CF} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {F50D35DC-4EC2-4346-9A0F-715FAF9FE3D6} - System32\Tasks\{0DF0DF07-C20C-4FB4-A722-42AB279F730B} => C:\Program Files (x86)\id Software\Quake 4\Quake4.exe
    Task: {F84885AC-29EA-4C70-A457-853A225B0E95} - System32\Tasks\{E191387B-1964-45CA-8061-4A0ECD923067} => C:\Windows\IsUninst.exe [1998-10-29] (InstallShield Software Corporation)
    Task: {F8A6CE70-7D83-4F7D-B621-D88BEFE613E1} - System32\Tasks\{16DDA5FA-C3D5-4AAA-BD99-9451B9C0DCDB} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: {FCE09ADE-3663-47B6-A672-8E54E0298138} - System32\Tasks\{56212B2A-F24C-48F7-8A5A-80C41916C450} => C:\Games\Return to Wolfenstein\Return to Castle Wolfenstein DEMO\WolfSPDemo.exe
    Task: {FD2BFF88-3579-4022-9856-81C8CAE1A7F5} - System32\Tasks\{1F6F468D-9B4D-481E-927B-839E2306B815} => C:\Games\AVP\AvP.exe [1999-05-10] ()
    Task: {FDE5EAFE-7E11-4541-AE75-46390D842AE9} - System32\Tasks\{797D6BF6-6D7C-4024-A33B-8E57B44EFDBD} => C:\Games\Quake 4\Quake4.exe
    Task: {FEF7358B-85ED-4B4E-B467-DF88B0069EB2} - System32\Tasks\{A4A32284-FC97-4815-803C-0EEFBCE7DB20} => C:\Games\Ghost Recon\GhostRecon.exe [2002-10-11] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForMark Fruehling.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-05-05 23:05 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2010-01-08 14:07 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
    2009-05-26 03:36 - 2009-05-26 03:36 - 00656896 ____N () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2009-12-28 21:11 - 2009-06-03 14:34 - 03764224 _____ () C:\Users\Mark Fruehling\AppData\Roaming\PictureMover\Bin\Core.dll
    2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2009-12-28 21:11 - 2009-06-03 14:43 - 01703936 _____ () C:\Users\Mark Fruehling\AppData\Roaming\PictureMover\EN-US\Presentation.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\Temp:A3F4C22C
    AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
    AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

    ==================== Safe Mode (whitelisted) ===================

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (05/01/2014 06:25:59 PM) (Source: DCOM) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 45%
    Total physical RAM: 1918.49 MB
    Available physical RAM: 1053.23 MB
    Total Pagefile: 3836.98 MB
    Available Pagefile: 2552.91 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (COMPAQ) (Fixed) (Total:221.88 GB) (Free:84.82 GB) NTFS
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive g: (HP v100w) (Removable) (Total:1.87 GB) (Free:0.23 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 233 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=2 GB) - (Type=06)

    ==================== End Of Log ============================

     

    Here is the OTL log created after OTL executed:

     

    OTL logfile created on: 5/1/2014 6:58:43 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mark Fruehling\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 52.26% Memory free
    3.75 Gb Paging File | 2.45 Gb Available in Paging File | 65.49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 221.88 Gb Total Space | 84.82 Gb Free Space | 38.23% Space Free | Partition Type: NTFS
    Drive D: | 10.90 Gb Total Space | 2.02 Gb Free Space | 18.55% Space Free | Partition Type: NTFS
    Drive G: | 1.87 Gb Total Space | 0.23 Gb Free Space | 12.40% Space Free | Partition Type: FAT
     
    Computer Name: MARKFRUEHLING | User Name: Mark Fruehling | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/05/01 18:53:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Fruehling\Desktop\zzOTL.exe
    PRC - [2014/03/28 06:39:51 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    PRC - [2014/03/12 03:29:49 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
    PRC - [2014/02/20 23:25:04 | 000,173,280 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/10/10 03:47:52 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.EXE
    PRC - [2013/02/19 22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2009/06/03 14:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    PRC - [2009/05/26 03:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
    MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2009/06/03 14:43:14 | 001,703,936 | ---- | M] () -- C:\Users\Mark Fruehling\AppData\Roaming\PictureMover\EN-US\Presentation.dll
    MOD - [2009/06/03 14:34:18 | 003,764,224 | ---- | M] () -- C:\Users\Mark Fruehling\AppData\Roaming\PictureMover\Bin\Core.dll
    MOD - [2009/05/26 03:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/12/03 21:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV - [2014/04/29 07:25:33 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/03/12 03:29:49 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe -- (NIS)
    SRV - [2014/02/20 23:25:04 | 000,173,280 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
    SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/10 03:47:52 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/10/10 03:47:52 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/02/19 22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/09/30 16:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2014/03/03 23:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2014/02/23 09:15:03 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2014/02/17 20:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symnets.sys -- (SymNetS)
    DRV:64bit: - [2014/02/15 10:31:08 | 000,138,664 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2014/02/11 13:33:43 | 000,875,736 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2014/02/11 13:33:43 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1502000.026\symds64.sys -- (SymDS)
    DRV:64bit: - [2013/05/13 05:47:27 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2013/05/12 19:36:39 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2013/03/04 07:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/01/26 18:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2014/03/26 06:34:46 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140430.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2014/03/18 20:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2014/02/22 02:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140501.003\ex64.sys -- (NAVEX15)
    DRV - [2014/02/22 02:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2014/02/22 02:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140501.003\eng64.sys -- (NAVENG)
    DRV - [2014/02/15 10:31:08 | 000,138,664 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2013/11/20 21:56:49 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{34CFDD70-3889-41FA-AA2F-4DDC883CF675}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{492A6D90-922B-4BBB-A099-A2364C0ACDE3}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{34CFDD70-3889-41FA-AA2F-4DDC883CF675}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKLM\..\SearchScopes\{492A6D90-922B-4BBB-A099-A2364C0ACDE3}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {C3CD82B2-A9E9-43C5-A80E-A0F06378ADFC}
    IE - HKCU\..\SearchScopes\{34CFDD70-3889-41FA-AA2F-4DDC883CF675}: "URL" = http://www.bing.com/...E11SR&pc=CPDTDF
    IE - HKCU\..\SearchScopes\{492A6D90-922B-4BBB-A099-A2364C0ACDE3}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS425
    IE - HKCU\..\SearchScopes\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE}: "URL" = http://search.netzer...ry={searchTerms}
    IE - HKCU\..\SearchScopes\{C3CD82B2-A9E9-43C5-A80E-A0F06378ADFC}: "URL" = https://www.google.c...?q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
     
     
    ========== FireFox ==========
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn\ [2014/05/01 17:20:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014/02/23 09:34:48 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/25 23:09:53 | 000,000,000 | ---D | M]
     
    [2010/01/14 15:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark Fruehling\AppData\Roaming\Mozilla\Extensions
    [2010/01/14 15:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark Fruehling\AppData\Roaming\Mozilla\Extensions\[email protected]
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - Extension: Google Docs = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Docs = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Search = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Norton Identity Protection = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.7.3_0\
    CHR - Extension: Google Wallet = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Users\Mark Fruehling\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
    O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll (Headlight Software, Inc.)
    O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\Juno\qsacc\X1IEBHO.dll (Juno, Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - No CLSID value found.
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\NetZero\UCReg.dll (NetZero, Inc.)
    O2 - BHO: (Juno Toolbar Helper) - {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\Juno\UCReg.dll (Juno, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll (NetZero, Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll (NetZero, Inc.)
    O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
    O4 - Startup: C:\Users\Mark Fruehling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
    O4 - Startup: C:\Users\Mark Fruehling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots Wallpaper & Screensaver.lnk = C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe (Webshots)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
    O8:64bit: - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
    O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: juno.com ([]* in Trusted sites)
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.co.marsha...sessor/smsx.cab (MeadCo ScriptX)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63FEA10A-2D97-4C7D-812F-F23799D74841}: DhcpNameServer = 97.64.168.12 97.64.183.165
    O18:64bit: - Protocol\Handler\junomsg - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll File not found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
     
    MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
    MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig:64bit - StartUpReg: BingDesktop - hkey= - key= - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    MsConfig:64bit - StartUpReg: WordWeb - hkey= - key= - C:\Program Files (x86)\WordWeb\wweb32.exe (WordWeb Software)
    MsConfig:64bit - State: "startup" - Reg Error: Key error.
     
    SafeBootMin:64bit: AppMgmt - Service
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    SafeBootNet:64bit: AppMgmt - Service
    SafeBootNet:64bit: Base - Driver Group
    SafeBootNet:64bit: Boot Bus Extender - Driver Group
    SafeBootNet:64bit: Boot file system - Driver Group
    SafeBootNet:64bit: File system - Driver Group
    SafeBootNet:64bit: Filter - Driver Group
    SafeBootNet:64bit: HelpSvc - Service
    SafeBootNet:64bit: Messenger - Service
    SafeBootNet:64bit: NDIS Wrapper - Driver Group
    SafeBootNet:64bit: NetBIOSGroup - Driver Group
    SafeBootNet:64bit: NetDDEGroup - Driver Group
    SafeBootNet:64bit: Network - Driver Group
    SafeBootNet:64bit: NetworkProvider - Driver Group
    SafeBootNet:64bit: PCI Configuration - Driver Group
    SafeBootNet:64bit: PNP Filter - Driver Group
    SafeBootNet:64bit: PNP_TDI - Driver Group
    SafeBootNet:64bit: Primary disk - Driver Group
    SafeBootNet:64bit: rdsessmgr - Service
    SafeBootNet:64bit: sacsvr - Service
    SafeBootNet:64bit: SCSI Class - Driver Group
    SafeBootNet:64bit: Streams Drivers - Driver Group
    SafeBootNet:64bit: System Bus Extender - Driver Group
    SafeBootNet:64bit: TDI - Driver Group
    SafeBootNet:64bit: vmms - Service
    SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet:64bit: WudfUsbccidDriver - Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
     
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
     
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/05/01 18:53:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark Fruehling\Desktop\zzOTL.exe
    [2014/05/01 18:43:35 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/05/01 17:25:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/05/01 17:07:55 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
    [2014/05/01 17:04:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/05/01 16:17:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2014/05/01 16:05:02 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
    [2014/05/01 16:03:36 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2014/05/01 16:03:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
    [2014/04/30 14:16:43 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Mark Fruehling\Desktop\zzJunk Removal Tool Download.exe
    [2014/04/30 13:58:47 | 002,061,824 | ---- | C] (Farbar) -- C:\Users\Mark Fruehling\Desktop\zzFarbar Recovery Scan Tool X64.exe
    [2014/04/17 08:35:32 | 000,000,000 | ---D | C] -- C:\Users\Mark Fruehling\Documents\International Association of Commercial Finance Brokers
    [2014/04/17 06:41:51 | 000,000,000 | ---D | C] -- C:\Users\Mark Fruehling\Documents\EMPU
    [2014/04/16 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2014/04/16 16:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2014/04/16 16:13:20 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2014/04/16 16:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2014/04/16 16:00:24 | 000,000,000 | ---D | C] -- C:\Users\Mark Fruehling\AppData\Local\Microsoft Help
    [2014/04/16 16:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2014/04/10 06:11:05 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
    [2014/04/10 06:11:05 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
    [2014/04/10 06:11:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
    [2014/04/10 06:11:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
    [2014/04/10 06:11:00 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2014/04/10 06:11:00 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2014/04/10 06:11:00 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2014/04/10 06:11:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2014/04/10 06:11:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2014/04/10 06:11:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2014/04/10 06:11:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2014/04/10 06:10:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2014/04/10 06:10:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2014/04/10 06:10:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/05/01 18:53:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark Fruehling\Desktop\zzOTL.exe
    [2014/05/01 18:46:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/01 18:34:02 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMark Fruehling.job
    [2014/05/01 18:25:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/05/01 18:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/05/01 17:25:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/01 17:25:36 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/01 17:18:24 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/01 17:18:00 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
    [2014/05/01 05:26:56 | 000,000,484 | ---- | M] () -- C:\Users\Mark Fruehling\AppData\Roaming\.openyahtzee
    [2014/04/30 14:16:44 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Mark Fruehling\Desktop\zzJunk Removal Tool Download.exe
    [2014/04/30 13:58:47 | 002,061,824 | ---- | M] (Farbar) -- C:\Users\Mark Fruehling\Desktop\zzFarbar Recovery Scan Tool X64.exe
    [2014/04/30 10:50:09 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2014/04/29 09:13:13 | 000,786,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/04/29 09:13:13 | 000,665,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/04/29 09:13:13 | 000,123,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/04/29 07:25:07 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/04/29 07:25:07 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/04/17 06:32:05 | 000,001,229 | ---- | M] () -- C:\Users\Mark Fruehling\Desktop\Download App by CNET 1.6.5.165 (need Internet).lnk
    [2014/04/16 17:43:53 | 000,689,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/04/16 17:05:34 | 000,001,139 | ---- | M] () -- C:\Users\Mark Fruehling\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2014/04/13 21:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2014/04/13 21:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
    [2014/04/04 21:25:53 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2014/04/16 17:05:34 | 000,001,139 | ---- | C] () -- C:\Users\Mark Fruehling\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2014/04/14 06:34:54 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMark Fruehling.job
    [2013/05/24 07:47:21 | 000,003,584 | ---- | C] () -- C:\Users\Mark Fruehling\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/03/05 14:22:02 | 000,000,484 | ---- | C] () -- C:\Users\Mark Fruehling\AppData\Roaming\.openyahtzee
    [2012/02/19 20:46:17 | 000,001,057 | ---- | C] () -- C:\Users\Mark Fruehling\AppData\Roaming\DVDSubEdit.ini
    [2011/11/16 07:45:48 | 000,001,854 | ---- | C] () -- C:\Users\Mark Fruehling\AppData\Roaming\GhostObjGAFix.xml
    [2011/07/28 14:29:15 | 000,000,000 | ---- | C] () -- C:\Users\Mark Fruehling\AppData\Local\{9EA8F4E5-E260-4015-BFE0-F992DF264A50}
    [2011/06/26 09:39:00 | 000,000,000 | ---- | C] () -- C:\Users\Mark Fruehling\AppData\Local\{7C2BA116-8764-4F18-BF5A-44E3BB5B2D02}
    [2011/05/27 16:14:44 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011/05/18 15:05:19 | 000,001,571 | ---- | C] () -- C:\Users\Mark Fruehling\four.dxp
    [2011/05/04 09:42:25 | 000,000,000 | ---- | C] () -- C:\Users\Mark Fruehling\AppData\Local\{13E0D8A2-98FE-450F-9701-CF5268F8EEC0}
    [2010/01/12 20:08:29 | 000,000,128 | -H-- | C] () -- C:\Users\Mark Fruehling\microsoft.dat
    [2009/12/30 12:42:06 | 000,000,000 | ---- | C] () -- C:\Users\Mark Fruehling\AppData\Roaming\wklnhst.dat
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== Custom Scans ==========
     
    ========== Drive Information ==========
     
    Physical Drives
    ---------------
     
    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: ST325031 8AS SCSI Disk Device
    Partitions: 3
    Status: OK
    Status Info: 0
     
    Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
    Interface type: USB
    Media Type: Removable Media
    Model: HP v100w USB Device
    Partitions: 1
    Status: OK
    Status Info: 0
     
    Partitions
    ---------------
     
    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 222.00GB
    Starting Offset: 105906176
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 11.00GB
    Starting Offset: 238350761984
    Hidden sectors: 0
     
     
    DeviceID: Disk #1, Partition #0
    PartitionType: MS-DOS V4 Huge
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 2.00GB
    Starting Offset: 32768
    Hidden sectors: 0
     
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %systemroot%\assembly\GAC_32\*.ini >
     
    < %systemroot%\assembly\GAC_64\*.ini >
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %ALLUSERSPROFILE%\Application Data\*.exe >
     
    < %APPDATA%\*. >
    [2014/02/17 07:12:59 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\3MCloudLibrary
    [2010/02/13 09:22:35 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\AccurateRip
    [2010/01/27 20:16:25 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\ActionSoft
    [2013/01/14 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Adobe
    [2014/01/04 06:21:53 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Apple Computer
    [2011/03/09 08:44:40 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Avery
    [2013/04/20 15:45:07 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\AVS4YOU
    [2011/12/13 19:22:14 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Awem
    [2014/01/30 15:26:43 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Azureus
    [2010/02/01 04:41:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Canneverbe Limited
    [2014/02/02 10:36:53 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\CBS Interactive
    [2011/03/06 08:50:41 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\CyberLink
    [2010/02/13 09:30:22 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\dBpoweramp
    [2014/02/02 07:35:04 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\DigitalVolcano
    [2012/05/24 21:12:04 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\driveridentifier
    [2014/02/02 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\EMPU
    [2011/03/09 17:10:52 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\fltk.org
    [2014/04/12 07:56:55 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\GetRight
    [2011/04/03 11:40:43 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Google
    [2012/06/16 06:48:03 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Hewlett-Packard
    [2014/02/28 07:25:27 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\HP Support Assistant
    [2009/12/28 21:07:45 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\HP TCS
    [2013/03/29 12:34:13 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\hpqLog
    [2014/02/28 07:25:27 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\HpUpdate
    [2009/12/28 21:10:09 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Identities
    [2012/02/07 17:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\ImTOO
    [2010/11/14 18:41:18 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\InstallShield
    [2010/11/14 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Leadertech
    [2009/12/29 19:05:50 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Macromedia
    [2011/03/11 07:09:20 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Malwarebytes
    [2009/07/14 02:44:38 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Media Center Programs
    [2014/04/16 17:30:28 | 000,000,000 | --SD | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Microsoft
    [2010/01/14 15:25:46 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Mozilla
    [2010/01/14 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\MusicNet
    [2014/02/28 08:26:36 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\New Super Mario Forever
    [2013/05/04 03:26:30 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Oberon Media
    [2009/12/28 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\PictureMover
    [2009/12/29 14:16:08 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\PKWARE
    [2010/01/18 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\PrimoPDF
    [2011/10/12 06:19:12 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Rovio
    [2013/06/04 06:17:32 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\SanDisk
    [2010/08/07 21:11:16 | 000,000,000 | RH-D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\SecuROM
    [2010/09/16 12:34:13 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Skip-Bo
    [2014/02/28 16:31:31 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Skype
    [2012/02/07 18:17:13 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\SmartDVDCreator
    [2014/03/09 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\SolSuite
    [2010/05/29 16:01:54 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Template
    [2011/03/15 19:24:49 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Tific
    [2010/09/28 12:22:01 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\UNOUndercover
    [2010/02/09 13:15:35 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\uTorrent
    [2010/02/23 15:53:27 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\VMware
    [2014/01/04 03:51:25 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Webshots
    [2014/01/03 12:18:46 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\WebshotsDailyFeatures
    [2011/03/06 07:42:26 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\WebshotsDailyFeatures.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1
    [2013/04/23 15:42:28 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\WildTangent
    [2010/02/02 11:28:23 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\WinBatch
    [2014/05/01 07:29:47 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\Wise Disk Cleaner
    [2014/03/27 08:25:54 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\WiseUpdate
    [2010/01/10 22:09:10 | 000,000,000 | ---D | M] -- C:\Users\Mark Fruehling\AppData\Roaming\WordWeb
     
    < MD5 for: ATAPI.SYS  >
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
     
    < MD5 for: CSRSS.EXE  >
    [2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
    [2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
     
    < MD5 for: EXPLORER.EXE  >
    [2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
     
    < MD5 for: MSWSOCK.DLL  >
    [2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
    [2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
    [2013/09/06 21:04:16 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
    [2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
    [2013/09/07 21:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll
    [2013/09/07 21:27:14 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
    [2013/09/06 21:24:39 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
    [2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll
    [2013/09/07 21:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
    [2009/07/13 20:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll
     
    < MD5 for: NAPINSP.DLL  >
    [2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
    [2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
    [2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
    [2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll
     
    < MD5 for: NLAAPI.DLL  >
    [2009/07/13 20:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
    [2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
    [2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
    [2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
    [2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
    [2010/11/20 08:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
    [2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
    [2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
    [2009/07/13 20:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll
    [2012/10/03 12:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll
     
    < MD5 for: PNRPNSP.DLL  >
    [2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
    [2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
    [2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
    [2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
     
    < MD5 for: PRINTISOLATIONHOST.EXE  >
    [2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
    [2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe
     
    < MD5 for: SERVICES.EXE  >
    [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
     
    < MD5 for: SVCHOST.EXE  >
    [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
     
    < MD5 for: USER32.DLL  >
    [2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
    [2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
    [2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
    [2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
    [2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
    [2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
     
    < MD5 for: USERINIT.EXE  >
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
     
    < MD5 for: WINLOGON.EXE  >
    [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
     
    < MD5 for: WINRNR.DLL  >
    [2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
    [2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
    [2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
    [2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
     
    < MD5 for: WSHELPER.DLL  >
    [2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
    [2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
    [2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
    [2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll
     
    < C:\Windows\assembly\tmp\U\*.* /s >
     
    < %systemroot%\*. /mp /s >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2014/04/23 19:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2014/04/23 19:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2014/04/23 19:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2014/04/23 19:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/03/07 08:12:05 | 000,804,560 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/03/07 08:12:05 | 000,804,560 | ---- | M] (Microsoft Corporation)
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/04/23 19:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2014/04/23 19:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2014/04/23 19:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2014/04/23 19:33:15 | 000,841,032 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/03/07 08:12:03 | 000,218,624 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/03/07 08:12:03 | 000,218,624 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/03/07 08:12:03 | 000,218,624 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/03/07 08:12:05 | 000,804,560 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014/03/07 08:12:05 | 000,804,560 | ---- | M] (Microsoft Corporation)
     
    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %ProgramFiles%\WINDOWS NT\*.* /s >
    [2010/11/20 07:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
    [2009/07/13 20:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
    [2009/07/13 21:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
    [2009/07/13 20:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
    [2009/06/10 16:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
    [2009/06/10 16:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
    [2009/06/10 16:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
    [2009/06/10 16:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
    [2009/06/10 16:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
    [2009/06/10 16:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
    [2009/06/10 16:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
    [2009/07/13 21:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A3F4C22C
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >

     

    Here is the log file Extras created after OTL is executed:

     

    OTL Extras logfile created on: 5/1/2014 6:58:43 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mark Fruehling\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 52.26% Memory free
    3.75 Gb Paging File | 2.45 Gb Available in Paging File | 65.49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 221.88 Gb Total Space | 84.82 Gb Free Space | 38.23% Space Free | Partition Type: NTFS
    Drive D: | 10.90 Gb Total Space | 2.02 Gb Free Space | 18.55% Space Free | Partition Type: NTFS
    Drive G: | 1.87 Gb Total Space | 0.23 Gb Free Space | 12.40% Space Free | Partition Type: FAT
     
    Computer Name: MARKFRUEHLING | User Name: Mark Fruehling | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (All) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1l",OpenURL %l (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07E215F7-931A-45FB-8161-DC5450FAB60B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{0B836242-EC87-450A-B0FD-2468A3A74A48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3056AA6E-46B4-44F7-AC85-77AB157D6C22}" = lport=139 | protocol=6 | dir=in | app=system |
    "{38D1B097-549F-4FC3-A125-ECDDFDFAF202}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4701CBFB-A937-4928-9D13-48A3ADD5FFEF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{4C2686AE-A9D5-4778-B4FE-305FD048A6F7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{5B53D62B-7790-45FB-BA2F-E84C5771B028}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6D918CB3-BB23-4F7E-8321-2CAEFF04B3BA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{7D5CEA8B-48CB-4B28-A9BC-3EC3F4CCB191}" = rport=137 | protocol=17 | dir=out | app=system |
    "{9674667B-C69A-4C3A-A1F3-876606CAA2E1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C029BD05-3A50-41E3-8169-654FAD21E16C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D03B660E-7779-4578-A7E1-072A24723575}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DB40C8D6-012D-45A1-A36C-528FD7D06C41}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F72262F7-6516-4A2D-9624-B0442C0DE01C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{FBEDA43F-E49B-42C9-B287-F74BDF64428C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0081DF34-D474-4DE5-93ED-382A2FE497CC}" = protocol=6 | dir=in | app=c:\games\skipbo\skip-bo castaway caper™\skipbocastawaycaper.exe |
    "{008FD6C9-22B3-41D9-8AC5-8CCBCB169EDA}" = protocol=17 | dir=in | app=c:\games\raiders\raidersdemo\sofrdemo.exe |
    "{00B5E095-B1DB-4CE7-BC1A-67696C82E030}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsupdatemanager\avsupdatemanager.exe |
    "{0160B4A1-78DB-42A1-8EC8-C4A1002048B7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{033DC5BF-91AD-40C1-9324-41600F8AD9BF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{03405B03-D8BD-4D1A-A83B-BB49CB6C615A}" = protocol=17 | dir=in | app=c:\program files (x86)\4musics mp3 bitrate changer\mp3-mp3.exe |
    "{04571D61-2231-4B14-A3F8-2EC2385E17A0}" = protocol=6 | dir=in | app=c:\games\ship sim 2008\shipsim2008demo\shipsim2008_demo.exe |
    "{05A0B195-77A3-47B3-ADF2-477A0B57C70A}" = protocol=6 | dir=in | app=c:\games\ghost - graw 2\ghost recon advanced warfighter 2\graw2.exe |
    "{0778C77C-05B5-4616-83A8-7738AF025050}" = protocol=6 | dir=in | app=c:\games\ghost recon\ghostrecon.exe |
    "{08D85FDB-1751-4D7E-B439-04762F176662}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
    "{091450CD-1E88-42C8-AEE0-B1BA10B0EA4A}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmplayer.exe |
    "{0A76CD2E-A2D7-4C99-85B7-D4B7644DACAE}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsphotoeditor\avsphotoeditor.exe |
    "{0A889B1C-0303-4D08-A6E7-FCFB25DC4341}" = protocol=6 | dir=in | app=c:\program files (x86)\beetle buggin'\beetle.exe |
    "{0B658FF9-1F2A-454C-8ACC-03247C17E287}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{0C35E704-BBC7-429F-8FA0-650BBC8EF3B7}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
    "{0D61F388-7A9B-4FFE-91AB-54327B357E6F}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "{1078129A-7EE9-4721-ABEB-B4A23E651594}" = protocol=6 | dir=in | app=c:\program files (x86)\cdburnerxp\cdbxpp.exe |
    "{11D7D4E1-A4C8-4764-9E41-3DF7D2E636FC}" = protocol=6 | dir=in | app=c:\games\nukem manhattan\dukenukemmp.exe |
    "{11D92F59-2FA3-42E5-91AD-EA986C08BA5B}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsvideoremaker\avsvideoremaker.exe |
    "{1236B734-E1BF-47B4-87A0-476F0B2DF1BB}" = protocol=6 | dir=in | app=c:\games\warcraft 3\warcraft iii demo\warcraft iii demo.exe |
    "{130A2333-6999-40CB-8DF5-68EEC8545013}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsringtonemaker\avsringtonemaker.exe |
    "{1587AE91-B2B9-42C9-B90F-21E5D4F9FA5A}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsimageconverter\avsimageconverter.exe |
    "{183930C2-FD8E-4B1E-868E-038E67ECDDF3}" = protocol=6 | dir=in | app=c:\games\call of duty\codsp.exe |
    "{1ACBAEC4-261E-4ED4-817F-B2C9D42514BD}" = protocol=6 | dir=in | app=c:\games\civ 3\civilization3.exe |
    "{1B85DCD7-6B62-4A24-8F1C-B5A5059939A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsscreencapture\avsscreencapture.exe |
    "{1C530F46-D88C-4BFC-931D-124CC0814E30}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1D962955-492A-4855-BAA0-FA5D4B65BA53}" = protocol=17 | dir=in | app=c:\games\hidden and dangerous\bin\hde.exe |
    "{1EAFB326-AA05-413A-99CB-A3409AD71751}" = protocol=17 | dir=in | app=c:\program files (x86)\wordweb\wwnotray.exe |
    "{22EAF888-942F-43EC-9D98-67370AFBB301}" = protocol=6 | dir=in | app=c:\program files (x86)\getright\getright.exe |
    "{25B46621-3AB2-4868-A5AA-152487DD49C1}" = protocol=17 | dir=in | app=f:\downloads\012710\setup.exe |
    "{27310EFC-1450-4AF4-B980-1F95FECA0E64}" = protocol=6 | dir=in | app=c:\games\gunman\gunman\gunman.exe |
    "{282DD0F9-49CD-45D9-8B2D-A4C50A783635}" = protocol=6 | dir=in | app=c:\games\halo\halo.exe |
    "{2AE937A0-EEBB-4862-A343-E8EF5A443570}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsvideoconverter\avsvideoconverter.exe |
    "{2B5CEC60-03B9-405D-B0D4-4F6C726D6A22}" = protocol=17 | dir=in | app=c:\games\skipbo\skip-bo castaway caper™\skipbocastawaycaper.exe |
    "{2C3F0013-AD7E-455C-86A3-F9A830B6B966}" = protocol=17 | dir=in | app=c:\games\age of empires 3\age3.exe |
    "{2D2C300D-BF2E-40A6-89EA-28B52DE4A6C5}" = protocol=17 | dir=in | app=c:\games\pure sudoku\puresudoku.exe |
    "{2F851B70-1CA1-4947-86F0-04A54225D39A}" = protocol=17 | dir=in | app=c:\games\call of duty\codsp.exe |
    "{36C13DAC-1B6B-443D-8E4E-EC008FCEE01E}" = protocol=17 | dir=in | app=c:\program files (x86)\wise disk cleaner\wisediskcleaner.exe |
    "{36F82ACD-4F3F-4B03-83C8-2FF261639872}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsdvdcopy\avsdvdcopy.exe |
    "{3837E7EC-FD24-4537-A817-EAF2EEB575EF}" = protocol=6 | dir=in | app=c:\games\serious sam  2\serious sam 2 demo\bin\sam2.exe |
    "{39D0DF3B-B6B2-442E-9D87-C74A515E858F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3C6A4648-56E4-4201-8BF1-E7661DF900CE}" = protocol=6 | dir=in | app=c:\games\links 2001\linkslauncher.exe |
    "{43616606-4C98-4218-8263-6609DB98CB33}" = protocol=6 | dir=in | app=c:\games\age of empires 3\age3.exe |
    "{43DF51B8-4939-43D3-AA5A-710C023BA91A}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsscreencapture\avsscreencapture.exe |
    "{471B0D74-80BC-4B30-9A4A-1650812D834F}" = protocol=17 | dir=in | app=c:\games\links 2003\linkslauncher.exe |
    "{47E83B8A-C30A-4366-AC40-148F626C3B42}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4A71E711-E9D3-4D4E-936D-C2D3B78933AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsvideorecorder\avsvideorecorder.exe |
    "{4AC5558F-C4FA-434D-A1BF-BB5E9564E4A3}" = protocol=17 | dir=in | app=c:\games\halo\halo.exe |
    "{4CEE0593-6075-413E-B105-5183627FC7D4}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "{5056D7EA-A522-4275-BCD8-E2D3577E9BFC}" = protocol=17 | dir=in | app=e:\painkiller_booh.exe |
    "{5389CC14-01AB-4557-82C7-4DF57BABE403}" = protocol=17 | dir=in | app=c:\program files (x86)\beetle buggin'\beetle.exe |
    "{5391DD16-F693-4AEA-9F2A-7C6E5CAA3C88}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsaudiorecorder\avsaudiorecorder.exe |
    "{5486D56F-69A7-4A9B-9DD4-BACB59EF8082}" = protocol=6 | dir=in | app=c:\program files (x86)\wise disk cleaner\wisediskcleaner.exe |
    "{5780592D-9164-4FEC-B3B1-7AF6B8FC4358}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmplayer.exe |
    "{582C6B09-9594-4E6F-848D-5665FBA0E99D}" = protocol=17 | dir=in | app=c:\games\sc double agent\scda-offline\system\splintercell4.exe |
    "{59BCC430-BB07-4F16-A757-C4E2750F125C}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsvideoeditor\avsvideoeditor.exe |
    "{5C01C52A-F096-4B47-8D13-56372D91CE5E}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avssoftwarenavigator\avs4yousoftwarenavigator.exe |
    "{5DED993D-5500-4733-8964-7479F75E0934}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{5E00D4BF-DC99-408F-95CA-D0911E27B308}" = protocol=6 | dir=in | app=c:\games\heretic 2\heretic2.exe |
    "{5E991DC1-1DBD-456C-8D8F-44DA9E348505}" = protocol=6 | dir=in | app=c:\games\super mario 3\mario forever 5.0\mario forever 5.0.exe |
    "{6073A6A5-C89A-4138-B463-EC7DDD7CE1B2}" = protocol=6 | dir=in | app=c:\games\avp\avp.exe |
    "{60893BB1-6230-416B-B8A2-813BBD20171D}" = protocol=6 | dir=in | app=c:\games\links 2003\linkslauncher.exe |
    "{6508A229-F68A-4FA1-8DE9-DC67AC735877}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "{651FF08C-233E-48AF-B980-FA2EB0DDD1E2}" = protocol=17 | dir=in | app=c:\games\heretic 2\heretic2.exe |
    "{655716F6-DFDC-4451-8A38-B68E6E2819B6}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsdocumentconverter\avsdocumentconverter.exe |
    "{67177290-ACAA-4F66-BD46-3DBF48A1821B}" = protocol=6 | dir=in | app=c:\program files (x86)\dvdfab 8 qt\dvdfab.exe |
    "{67D82ACE-8DA7-47F1-80F6-A5CA106831D8}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{6B06AD8F-8857-4E15-8C7E-B5656168BB96}" = protocol=6 | dir=in | app=c:\games\rainbow 6\rainbowsix.exe |
    "{6F12A411-D58D-499F-9DC8-F39ADA999705}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsupdatemanager\avsupdatemanager.exe |
    "{70C7D2F5-E2F7-41E8-AEAC-5411473560A3}" = protocol=6 | dir=in | app=c:\games\aoe 3 the war chiefs\age3x.exe |
    "{73B27D85-9B6A-4AED-A3A8-778C6164E518}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsregistrycleaner\avsregistrycleaner.exe |
    "{742829DB-A2D5-4132-A45D-33DB2B2A8338}" = protocol=17 | dir=in | app=c:\games\half life\half life\half-life\hl.exe |
    "{75CEEF97-EA25-4FCA-9F17-58FA261F7F6B}" = protocol=17 | dir=in | app=c:\program files (x86)\dvdfab 8 qt\dvdfab.exe |
    "{76274614-567A-4D01-8CE5-910E07AB2308}" = protocol=6 | dir=in | app=e:\painkiller_booh.exe |
    "{763AF040-2F6E-4593-B0F1-8C8A72862548}" = protocol=17 | dir=in | app=c:\games\uno\uno - undercover\uno undercover.exe |
    "{76777F96-AFA9-4120-BBD4-A8290D6A3616}" = protocol=6 | dir=in | app=c:\games\x-com enforcer\system\xcomed.exe |
    "{77EA8D97-C46E-468B-845F-6583A4F2712C}" = protocol=6 | dir=in | app=c:\games\undying\system\undying.exe |
    "{786764E6-8F47-407A-9A5E-6BF80FDC59CC}" = protocol=1 | dir=in | [email protected],-28543 |
    "{7939BCD6-F114-452B-AF6D-78F244E603DD}" = protocol=6 | dir=in | app=c:\games\dig dug\virtuanes.exe |
    "{7CE653A6-5F10-4786-B82C-ACB679FC9720}" = protocol=17 | dir=in | app=c:\games\x-com enforcer\system\xcomed.exe |
    "{7DB75667-69AE-412B-9C67-401121766C61}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7F005474-7BCD-4F0F-8394-6EAD9D075429}" = protocol=6 | dir=in | app=c:\program files (x86)\juno\exec.exe |
    "{7FD46BB1-1605-4981-83A0-BDBEA47B0F31}" = protocol=17 | dir=in | app=c:\games\df bh down platinum pack\dfbhd.exe |
    "{83E0491D-9838-44A5-9393-4FE5472EA5A6}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsdvdcopy\avsdvdcopy.exe |
    "{83F9FAFE-A3E0-41D0-935C-3E28A536FE77}" = protocol=6 | dir=in | app=c:\games\ghost - graw 2\ghost recon advanced warfighter 2\graw2_dedicated.exe |
    "{85FB6D78-9AE6-4313-ADEA-1146566F3923}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsvideoconverter\avsvideoconverter.exe |
    "{8762B572-A789-4FB0-A2DA-E3D095AABA69}" = protocol=17 | dir=in | app=c:\games\ship sim 2008\shipsim2008demo\shipsim2008_demo.exe |
    "{88F99378-DE04-494C-9970-A8FE6F7A662C}" = protocol=17 | dir=in | app=c:\games\ghost recon\ghostrecon.exe |
    "{8BB827B0-A4EF-42A6-95F4-FE6E6650584B}" = protocol=6 | dir=in | app=c:\games\sc double agent\scda-offline\system\splintercell4.exe |
    "{8C077B89-FF3C-4B55-9CE5-A58524679272}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsmediaplayer\avsmediaplayer.exe |
    "{8D83F711-831C-44A9-BB87-FAD752CF426A}" = protocol=17 | dir=in | app=c:\program files (x86)\netzero\exec.exe |
    "{8D9B7484-2DD1-4C61-AC86-742900D6F19D}" = protocol=17 | dir=in | app=c:\games\warcraft 3\warcraft iii demo\warcraft iii demo.exe |
    "{8DEB68C6-7583-4516-9D96-5BBB181EE51A}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsmediaplayer\avsmediaplayer.exe |
    "{8F6ACC36-FF6A-449E-9FC7-152DBCDA9EED}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsvideoremaker\avsvideoremaker.exe |
    "{90E40983-3F3F-439A-9884-65BE005E98E9}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsvideorecorder\avsvideorecorder.exe |
    "{9120FF68-07E3-417B-8403-9F966871F2FF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{93C8B863-3739-4AA1-8E09-0B8657A656D1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\avsmedia\videouploader\avsvideouploader.exe |
    "{954A5CE3-A9FF-49E1-86DB-53ECBE1015F8}" = protocol=17 | dir=in | app=c:\games\half life\opposing forces\opfor\hl.exe |
    "{9599B4B3-3DD0-4DC4-82EB-8915F13AE9BB}" = protocol=17 | dir=in | app=c:\games\ghost - graw 2\ghost recon advanced warfighter 2\graw2.exe |
    "{95B604F2-0B18-4534-A80B-25C1B478C900}" = protocol=17 | dir=in | app=e:\painkillersetup.exe |
    "{979D0882-AB11-4DB4-9DCD-9A71070AB515}" = protocol=6 | dir=in | app=c:\games\half life\opposing forces\opfor\hl.exe |
    "{9CF5E129-5158-440F-A208-053959AB8C55}" = protocol=6 | dir=in | app=c:\games\avp2\avp2.exe |
    "{9EA50CCE-FEAA-454C-AD8E-E1D2341605B8}" = protocol=17 | dir=in | app=c:\games\serious sam  2\serious sam 2 demo\bin\sam2.exe |
    "{9F1892D6-4A91-45DE-949E-B686CD3B4FB3}" = protocol=6 | dir=in | app=c:\games\emergency fire response\fdmaster.exe |
    "{A071292E-01CE-4F28-A861-8031952BBCAF}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avscovereditor\avscovereditor2.exe |
    "{A0718D9C-996D-4854-A0A5-3002B6E7C255}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{A15F85FE-B285-4488-82E0-6B229D7D9AF7}" = protocol=6 | dir=in | app=c:\program files (x86)\wordweb\wwnotray.exe |
    "{A2AA3787-559D-4DB0-83F6-E7A0591FEA41}" = protocol=1 | dir=out | [email protected],-28544 |
    "{A33CE982-3730-4832-8CAD-9A11189536D9}" = protocol=17 | dir=in | app=c:\games\civ 3\civilization3.exe |
    "{A606E902-F5EC-4424-9A3C-5D50DF3AFDB0}" = protocol=6 | dir=in | app=c:\games\half life\half life\half-life\hl.exe |
    "{A72E9F05-11E8-4291-A38B-5E1B388ED3FA}" = protocol=17 | dir=in | app=c:\games\links 2001\linkslauncher.exe |
    "{AA7292C5-5985-421C-BA37-FF9CEE1C1A25}" = protocol=17 | dir=in | app=c:\games\archangel\bin\game.exe |
    "{AA78F518-50DC-4E94-8405-33DABB054DDA}" = protocol=6 | dir=in | app=c:\games\archangel\bin\game.exe |
    "{AAAE5063-FD99-41BC-986A-8A6CB824E8E3}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsaudiorecorder\avsaudiorecorder.exe |
    "{AAE5AA0B-2F57-4298-B388-64E6B84FCC62}" = protocol=6 | dir=in | app=c:\games\df bh down platinum pack\dfbhd.exe |
    "{AD85A3C7-02B9-48C6-A67E-13315B3409F4}" = protocol=17 | dir=in | app=c:\program files (x86)\cdburnerxp\cdbxpp.exe |
    "{B0CBBF5D-FDD3-4DFB-AB3E-A15B3608FA2F}" = protocol=17 | dir=in | app=c:\games\avp\avp.exe |
    "{B227B426-C386-45A2-AC6D-127793E6F0D2}" = protocol=17 | dir=in | app=c:\games\super mario 3\mario forever 5.0\mario forever 5.0.exe |
    "{B25F1D13-5A04-4FE2-9248-C2B4BC3B1F2F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{B3A4CE8E-D008-4C02-B892-20BCA637B4AF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{B590A402-3725-4803-8B8B-ABD8E7617055}" = protocol=6 | dir=in | app=c:\games\aoe 3 asian dynasties\age3y.exe |
    "{B7AFC053-A341-4948-8CAB-9C7D817FC9F2}" = protocol=6 | dir=in | app=c:\program files (x86)\uniblue\driverscanner\launcher.exe |
    "{B954A5D4-F787-440C-904B-D8B61D6B8718}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{B9C865DF-1405-4612-8B88-E3F9B7C16637}" = protocol=17 | dir=in | app=c:\games\gunman\gunman\gunman.exe |
    "{BB344A76-6CF0-416C-8933-D3B6D78BEEC5}" = protocol=17 | dir=in | app=c:\program files (x86)\getright\getright.exe |
    "{BB527D5B-ED7C-4371-8699-6619ADF716CC}" = protocol=6 | dir=in | app=e:\painkillersetup.exe |
    "{BBF9C586-BC47-47F8-903E-8803658EA80A}" = protocol=17 | dir=in | app=c:\games\emergency fire response\fdmaster.exe |
    "{BDB8E565-EBF6-4EFD-BB89-A7CFEEE127ED}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsphotoeditor\avsphotoeditor.exe |
    "{BDFCF735-96F2-4EFE-A52C-DB15DDFA0946}" = protocol=17 | dir=in | app=c:\games\undying\system\undying.exe |
    "{BEBA49D8-F8B5-469D-9664-356F649E22E0}" = protocol=17 | dir=in | app=c:\games\splinter cell  chaos theory\system\splintercell3.exe |
    "{BEFFA33E-DC33-471A-9727-B670EA916C2E}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsvideoeditor\avsvideoeditor.exe |
    "{BFF6FA0D-482E-42AD-9EB0-A776CCB1377E}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsaudioeditor\avsaudioeditor.exe |
    "{C12910E7-481C-4A9D-B666-744C0315E5CF}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsaudioconverter\avsaudioconverter.exe |
    "{C37947D3-8A9B-4F47-B549-0A39108EC051}" = protocol=6 | dir=in | app=c:\games\mvp baseball 2003\mvp2003.exe |
    "{C4CE4CA5-CEAB-4EE8-8D6A-48051912658C}" = protocol=6 | dir=in | app=f:\downloads\012710\setup.exe |
    "{C80D8BAE-D935-4200-8CCD-E5285FAEF5C8}" = protocol=17 | dir=in | app=c:\games\half life\blue shift\blue-shift\bshift.exe |
    "{C9BB6457-D8CF-4AF4-BE1D-15A03A22E6C2}" = protocol=17 | dir=in | app=c:\games\aoe 3 asian dynasties\age3y.exe |
    "{CA0F320D-F3B8-433E-A262-822AEDD01A3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsdocumentconverter\avsdocumentconverter.exe |
    "{CE975B49-ED9B-4A0C-9015-27DFBC343DD1}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avssoftwarenavigator\avs4yousoftwarenavigator.exe |
    "{CEA50A70-1288-4605-900D-D50F487AD448}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
    "{D001849C-409B-42CE-9030-DAC6670E425A}" = protocol=58 | dir=in | [email protected],-28545 |
    "{D085AFB2-3340-441E-9637-46EABAA51B60}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
    "{D0F24888-AA56-41AD-9520-BA8044AD436F}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
    "{D2A3A1C1-1839-45E4-9EBB-2CEF0A7F52E5}" = protocol=6 | dir=in | app=c:\games\splinter cell  chaos theory\system\splintercell3.exe |
    "{D53C2955-FE80-4ED8-BC58-B5B677D1F919}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsregistrycleaner\avsregistrycleaner.exe |
    "{D6443658-52F9-4BF1-9808-D44C69A9ADA5}" = protocol=17 | dir=in | app=c:\games\dig dug\virtuanes.exe |
    "{D717135B-55F5-411B-AA7A-32A70DA7CCBF}" = protocol=17 | dir=in | app=c:\games\rainbow 6\rainbowsix.exe |
    "{DB4534EA-92A3-4FC7-ACF1-A3463EF27E23}" = protocol=6 | dir=in | app=c:\program files (x86)\netzero\exec.exe |
    "{DBA57435-7CD4-4257-A0B8-A7805822D42B}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
    "{DBAF5C1F-72B7-4BA0-82BF-638A3EDC2B4E}" = protocol=17 | dir=in | app=c:\games\nukem manhattan\dukenukemmp.exe |
    "{DC289CE3-D438-48E5-9894-9F597350C88D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{DCDCFDAA-D5E1-4221-802C-6416B78CF47A}" = protocol=17 | dir=in | app=c:\games\aoe 3 the war chiefs\age3x.exe |
    "{DD811742-372C-48B8-8F7B-3B827548DBDD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\avsmedia\videouploader\avsvideouploader.exe |
    "{E348EB09-F456-486B-A622-ED066FE83551}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsaudioconverter\avsaudioconverter.exe |
    "{E593D1F1-88CD-4998-9069-0AF6FF874776}" = protocol=17 | dir=in | app=c:\games\avp2\avp2.exe |
    "{E6A3225B-94E5-4784-8B20-5DA4DA060223}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsimageconverter\avsimageconverter.exe |
    "{E7BDDAA4-324B-4DBD-A949-C3D9766E1A54}" = protocol=17 | dir=in | app=c:\games\mvp baseball 2003\mvp2003.exe |
    "{E804B426-EBA6-4AD6-9ADF-B94CAAE494BF}" = protocol=6 | dir=in | app=c:\games\raiders\raidersdemo\sofrdemo.exe |
    "{E92F6543-490F-457B-A532-6E095858E280}" = protocol=6 | dir=in | app=c:\games\uno\uno - undercover\uno undercover.exe |
    "{E93C533F-90AF-4860-9B48-C80097E1ED34}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsdisccreator\avsdisccreator.exe |
    "{EBD06E1F-D1B9-4AE6-B40B-9A739DFA1F52}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
    "{EC89716A-D4D3-41CC-8708-81AB7247E1A1}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsaudioeditor\avsaudioeditor.exe |
    "{F061E905-F486-4112-9ADC-6E0D93BA6CBD}" = protocol=17 | dir=in | app=c:\games\ghost - graw 2\ghost recon advanced warfighter 2\graw2_dedicated.exe |
    "{F2BBC5A2-7CFF-41F2-890B-675B198A20B4}" = protocol=6 | dir=in | app=c:\games\hidden and dangerous\bin\hde.exe |
    "{F2D3116B-4895-4BFE-8195-6FC9C0DB9999}" = protocol=6 | dir=in | app=c:\program files (x86)\4musics mp3 bitrate changer\mp3-mp3.exe |
    "{F4178DE3-D679-460A-BD3A-78E1FD407E80}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avscovereditor\avscovereditor2.exe |
    "{F436A693-841B-447C-95CD-FF00FC2CEED2}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "{F571E2C5-8A35-4577-A1CB-6869DDF756F1}" = protocol=17 | dir=in | app=c:\program files (x86)\avs4you\avsdisccreator\avsdisccreator.exe |
    "{F684EFD8-540C-4FB6-987A-DC727F787504}" = protocol=6 | dir=in | app=c:\games\pure sudoku\puresudoku.exe |
    "{F7A36996-0367-4B6F-BA20-CD0AA684CE2D}" = protocol=6 | dir=in | app=c:\program files (x86)\avs4you\avsringtonemaker\avsringtonemaker.exe |
    "{F7AFE5B5-305E-4175-9285-5F9E7EF91AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\uniblue\driverscanner\launcher.exe |
    "{FB3D1199-E138-4A14-94C6-954508883CE4}" = protocol=6 | dir=in | app=c:\games\half life\blue shift\blue-shift\bshift.exe |
    "{FB4365BA-B7B8-4575-9342-C403EA990ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\juno\exec.exe |
    "{FC3BAF8D-801F-4A68-A9F9-5CC35F36F907}" = protocol=58 | dir=out | [email protected],-28546 |
    "TCP Query User{0D0CEA61-BB30-4349-A336-87442404FE2A}C:\games\delta force\df.exe" = protocol=6 | dir=in | app=c:\games\delta force\df.exe |
    "TCP Query User{0F0E318C-BE84-4E8A-A00D-21015C12DD20}C:\games\links 2001\linksmmi.exe" = protocol=6 | dir=in | app=c:\games\links 2001\linksmmi.exe |
    "TCP Query User{2C5E535E-6B3A-4E0E-A94B-DF7024BD499D}C:\program files\juno\bin\juno.exe" = protocol=6 | dir=in | app=c:\program files\juno\bin\juno.exe |
    "TCP Query User{2E1AC75B-2353-42A2-B5CF-1A69373E00D6}C:\games\sc double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\games\sc double agent\scda-offline\system\splintercell4.exe |
    "TCP Query User{503593DA-945C-4846-A5ED-F05AD0D38625}C:\games\super powers 2\joshua.exe" = protocol=6 | dir=in | app=c:\games\super powers 2\joshua.exe |
    "TCP Query User{66853B02-6596-4489-916D-8B29FAE01AFD}C:\program files\juno\bin\juno.exe" = protocol=6 | dir=in | app=c:\program files\juno\bin\juno.exe |
    "TCP Query User{66F39198-0299-4D03-B67D-4E5C6293B4B3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{B0DE7C5C-C1B6-4D3A-B5E8-D2F1F46706B2}C:\games\soldier of fortune 2\sof2mp.exe" = protocol=6 | dir=in | app=c:\games\soldier of fortune 2\sof2mp.exe |
    "TCP Query User{FF565E56-2738-4E0A-90CE-2A965B007B66}C:\games\quake 3 arena demo\quake3.exe" = protocol=6 | dir=in | app=c:\games\quake 3 arena demo\quake3.exe |
    "UDP Query User{157F4DAF-E1A4-4B00-BE22-5CA36CD8225F}C:\games\super powers 2\joshua.exe" = protocol=17 | dir=in | app=c:\games\super powers 2\joshua.exe |
    "UDP Query User{294B4021-234C-4ECE-94EE-97FC51D90A2B}C:\games\delta force\df.exe" = protocol=17 | dir=in | app=c:\games\delta force\df.exe |
    "UDP Query User{29B3CAE8-B043-4574-B89B-8C1A6DA63775}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{58D8F8DC-55E8-4996-A851-E19908F1EC4E}C:\games\links 2001\linksmmi.exe" = protocol=17 | dir=in | app=c:\games\links 2001\linksmmi.exe |
    "UDP Query User{A5727D22-CD1B-4B07-A523-02C47A6ED1B5}C:\games\sc double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\games\sc double agent\scda-offline\system\splintercell4.exe |
    "UDP Query User{B214C688-FD63-45EE-899B-A00CE1C8491A}C:\program files\juno\bin\juno.exe" = protocol=17 | dir=in | app=c:\program files\juno\bin\juno.exe |
    "UDP Query User{CD3BD917-A668-443E-84EE-53C27132C3A2}C:\program files\juno\bin\juno.exe" = protocol=17 | dir=in | app=c:\program files\juno\bin\juno.exe |
    "UDP Query User{CF25E6BE-22F6-4EAD-A729-D1C9DBAEA44A}C:\games\soldier of fortune 2\sof2mp.exe" = protocol=17 | dir=in | app=c:\games\soldier of fortune 2\sof2mp.exe |
    "UDP Query User{D1480BDC-3264-45DF-8896-AB3B5FFE3C23}C:\games\quake 3 arena demo\quake3.exe" = protocol=17 | dir=in | app=c:\games\quake 3 arena demo\quake3.exe |
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "Software Informer_is1" = Software Informer 1.2
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
    "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
    "{29B11F9F-5E2D-11D4-8BA5-0050BAAA20E2}" = Wheel of Fortune 2nd Edition
    "{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
    "{3209C8A2-558C-445C-832B-1AC552F59B11}" = Hoyle Demo
    "{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
    "{37C28A3E-ADDC-484F-B7C4-A522B8E559DE}" = Superpower 2 - demo
    "{3A681D82-5167-4418-BEBA-E8991486665B}" = Bing Bar
    "{3C8C45D0-3DBF-4DC8-008D-0538032FDC12}" = MVP Baseball 2003
    "{3D9E0F32-83ED-4D59-B27F-EEA19744A51E}" = Emergency Fire Response Demo
    "{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 4.0
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{45EFEFDC-0007-4D31-A69E-8125F0229ACA}" = Aliens versus Predator 2 Demo
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
    "{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying™
    "{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial
    "{6741E797-825C-44C1-AFE7-ED94C4817FBD}" = Boku Sudoku
    "{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
    "{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}" = Duke Nukem - Manhattan Project
    "{8FE54D21-8254-4CCF-AEE0-066496AE43F4}" = Delta Force - Black Hawk Down
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{a0296e52-6e9b-11d6-ace4-00105a0cf83f}" = Juno Internet
    "{A4CEB917-6912-48AC-8999-588A3F3A8EEF}" = PC Attorney
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
    "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
    "{B84DEFE1-0175-47C9-BC1D-8645FCBC0ECE}_is1" = Webshots Wallpaper & Screensaver version 1.2.3.123
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{BE8DD809-A406-40E2-AB9F-28E69E737383}" = PKZIP for Windows 9.00.0010
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
    "{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
    "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2009
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3M™ Cloud Library PC App" = 3M™ Cloud Library PC App 1.39
    "7-Zip" = 7-Zip 9.22beta
    "8461-7759-5462-8226" = Vuze
    "Acoustica Effects Pack" = Acoustica Effects Pack
    "Adobe AIR" = Adobe AIR
    "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
    "Aliens versus Predator" = Aliens versus Predator
    "AnyDVD" = AnyDVD
    "AVS Audio Converter_is1" = AVS Audio Converter 7
    "AVS Audio Editor_is1" = AVS Audio Editor 7.2
    "AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0
    "AVS Disc Creator_is1" = AVS Disc Creator 5
    "AVS Document Converter_is1" = AVS Document Converter 2.2.8
    "AVS DVD Copy_is1" = AVS DVD Copy 4.1.2.283
    "AVS Image Converter_is1" = AVS Image Converter 2.3.2.248
    "AVS Media Player_is1" = AVS Media Player 4.2.2.104
    "AVS Photo Editor_is1" = AVS Photo Editor
    "AVS Registry Cleaner_is1" = AVS Registry Cleaner 2.3.1.255
    "AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
    "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor_is1" = AVS Video Editor 6
    "AVS Video Recorder_is1" = AVS Video Recorder 2.5
    "AVS Video ReMaker_is1" = AVS Video ReMaker 4.2.2.153
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
    "AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.2
    "Beetle Crazy Cup" = Beetle Buggin'
    "CloneDVD2" = CloneDVD2
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "Daikatana" = Daikatana
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "Delta Force" = Delta Force
    "Duplicate Cleaner Free" = Duplicate Cleaner Free 3.2.3
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "GameSpy Arcade" = GameSpy Arcade
    "GetRight_is1" = GetRight
    "GetSavin" = GetSavin
    "G-Force" = G-Force
    "Google Chrome" = Google Chrome
    "GTA2" = GTA2
    "Gunman Chronicles" = Gunman Chronicles
    "Half-Life" = Half-Life
    "Half-Life: Blue Shift" = Half-Life: Blue Shift
    "Half-Life: Opposing Force" = Half-Life: Opposing Force
    "Halo" = Microsoft Halo
    "Heretic2UninstallKey" = Heretic II
    "Homepage Protection" = Homepage Protection
    "hp print screen utility" = hp print screen utility
    "HP Remote Solution" = HP Remote Solution
    "IcoConverter" = Ico Converter 1.4
    "Incinerate_is1" = Incinerate
    "Insectoid 1.0.2" = Insectoid 1.0.2
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
    "InstallShield_{3209C8A2-558C-445C-832B-1AC552F59B11}" = Hoyle Demo
    "InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
    "InstallShield_{37C28A3E-ADDC-484F-B7C4-A522B8E559DE}" = Superpower 2 - demo
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial
    "InstallShield_{8B9336DB-8D04-4325-BAFC-C7141D8E6CA1}" = Duke Nukem - Manhattan Project
    "InstallShield_{ABFE9B50-BA4B-4FDF-A943-EA025119DBED}" = Age of Empires III - The WarChiefs Trial
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
    "Links 2001 Demo 1.0" = Microsoft Links 2001 Demo
    "Mario Forever 5.0" = Mario Forever 5.0
    "Mario Forever 5.01" = Mario Forever 5.01
    "Mario Forever 5.08 Direct X" = Mario Forever 5.08 Direct X
    "Mplayer.com" = Mplayer.com
    "MVApplication1" = Memorex exPressit Label Design Studio
    "New Super Mario Forever PC" = New Super Mario Forever PC
    "NIS" = Norton Internet Security
    "Open Yahtzee" = Open Yahtzee
    "Painkiller" = Painkiller
    "Painkiller - Battle Out Of [bleep]" = Painkiller - Battle Out Of [bleep]
    "Plants vs. Zombies" = Plants vs. Zombies
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "Pure Sudoku Deluxe_is1" = Pure Sudoku Deluxe 1.52
    "Quake 3 Arena Demo" = Quake 3 Arena Demo
    "Rome Puzzle_is1" = Rome Puzzle
    "SeriousSam2Demo" = Serious Sam 2 Demo
    "ShipSim2008Demo" = Ship Simulator 2008 Demo
    "SKIP-BO Castaway Caper™" = SKIP-BO Castaway Caper™ (remove only)
    "Soldier of Fortune II - Double Helix" = Soldier of Fortune II - Double Helix
    "SolSuite_is1" = SolSuite 2013 v13.2
    "Spin It Again" = Spin It Again
    "STANDARDR" = Microsoft Office Standard 2007
    "SubtitleCreator" = SubtitleCreator
    "Super Mario 3 : Mario Forever" = Super Mario 3 : Mario Forever
    "SystemRequirementsLab" = System Requirements Lab
    "Telltale Texas Hold'em" = Telltale Texas Hold'em
    "Tom Clancy's Rainbow Six" = Tom Clancy's Rainbow Six
    "TurboRisk_is1" = TurboRisk 2.0
    "TweakMP9" = Windows Media Player 9 Series TweakMP PowerToy
    "Typer Shark Deluxe 1.01" = Typer Shark Deluxe 1.01
    "UNO - Undercover" = UNO - Undercover (remove only)
    "Wheel Of Fortune" = Wheel Of Fortune
    "WildTangent hp Master Uninstall" = HP Games
    "Wise Disk Cleaner_is1" = Wise Disk Cleaner 8.06
    "WordWeb" = WordWeb
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Download App" = Download App
    "EMPU" = EMPU 2.2.1.4
    "Sansa Updater" = Sansa Updater
     
    ========== Last 20 Event Log Errors ==========
     
    [ Hewlett-Packard Events ]
    Error - 4/22/2013 7:01:00 AM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    Error - 4/28/2013 11:03:33 PM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    Error - 5/5/2013 10:41:31 PM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    Error - 5/5/2013 10:49:06 PM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    Error - 5/5/2013 10:59:45 PM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 60  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    Error - 5/6/2013 8:38:31 AM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 50  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    Error - 5/6/2013 8:38:48 AM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 50  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    Error - 5/6/2013 8:39:09 AM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 50  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    Error - 5/6/2013 8:39:22 AM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 50  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    Error - 5/6/2013 8:39:40 AM | Computer Name = MarkFruehling | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
       at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
     includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
    Path:
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
    RAM:
     1918  Ram Utilization: 50  TargetSite: Void loadActiveCheckResult(Boolean) 
     
    [ System Events ]
    Error - 5/1/2014 7:25:59 PM | Computer Name = MarkFruehling | Source = DCOM | ID = 10010
    Description =
     
     
    < End of report >

     

    I certainly appreciate your help, RK.

     

    Thanks, Mark.
     


    Edited by cabse5, 01 May 2014 - 07:43 PM.

    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 7 Update 17 (64-bit) 
    Java 7 Update 9 
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    Uninstall 
     
    Uniblue RegistryBooster  (no a good thing to have)
     
    Adobe Flash Player 10 Plugin This is obsolete.  Used for Firefox.  If you use Firefox, use it to go to adobe.com and get the latest Flash.  Make sure you uncheck the foistware (toolbars and security scans) before Downloading.
     

    Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

     

    Both of these are obsolete and should be removed.  Get the latest reader from adobe.com.    Make sure you uncheck the foistware (toolbars and security scans) before Downloading.

     

     

    How is it running now?  Are you still seeing your original problem?

     

    • 0

    #7
    cabse5

    cabse5

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts
    Thanks again for your help, RK. Before I act on your last post's suggestions, I'd like to point out a few things:

    The Internet is running great. Not altogether sure if adding the update for Microsoft Windows KB2952664 helped in that regard...
    There's at least one program I'd like to reinstate to my computer: Uniblue Registry Booster 2009. I use it for periodic maintenance of the computer. I have a DVD of said
    application.


    What does Java do, exactly?

    If memory serves, I've attempted to get the X64 IE version, and been unsuccessful. Anything special required?

    Why does the adwCleaner report say I'm using IE 9.11.9600.16428 when tools of Google (my Internet homepage) says I'm using IE 11.0.9600.16428?

    I tried to install a patch from Microsoft, yesterday, an optional patch called IE 11 for Windows 7 X64 systems, and the install failed. Code 9C48. I tried help and... huh?? I looked and I'd successfully installed an IE 11 for Windows 7 X64 Microsoft patch in March, this year. What gives? What's necessary, here, to install
    the current IE patch?

    Should I run these programs: adwCleaner, Junk Removal Tool, Farbar Recovery Scan and Old Timers List periodically to maintain the health of my computer?


    I'm off to perform the next.

    Edited by cabse5, 02 May 2014 - 06:49 AM.

    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    There's at least one program I'd like to reinstate to my computer: Uniblue Registry Booster 2009. I use it for periodic maintenance of the computer. I have a DVD of said
    application.

     

     

    Registry cleaners do more harm than good so we do not recommend them.  They are also usually paired with adware.  I didn't do anything to it so if you really love it you can keep it.


     

    What does Java do, exactly?

     

    Java is a programming language.  It's used by some websites because it works independent of Operating Systems and is very powerful.  That's the same reason that malware uses it to get into your system.  Intel uses it on their website to check if you have their products and to see if you need updates.  A lot of coupon printing sites require it.  If they need it they will tell you.  Firefox has started disabling Java and requires you approve its use each time.

     

    If memory serves, I've attempted to get the X64 IE version, and been unsuccessful. Anything special required?

     

    You need to use the 64 bit version of IE to visit Java.com.  They should automatically offer you the correct version.

     

    Why does the adwCleaner report say I'm using IE 9.11.9600.16428 when tools of Google (my Internet homepage) says I'm using IE 11.0.9600.16428?

     

     

     

    I think you mean OTL.  OTL is no longer being developed and IE 11 came out after the last version of OTL so it doesn't properly recognize it.

     

    I tried to install a patch from Microsoft, yesterday, an optional patch called IE 11 for Windows 7 X64 systems, and the install failed. Code 9C48. I tried help and... huh?? I looked and I'd successfully installed an IE 11 for Windows 7 X64 Microsoft patch in March, this year. What gives? What's necessary, here, to install
    the current IE patch?

     

    Is that the only patch that failed?  What is its KB number?  
     

    Should I run these programs: adwCleaner, Junk Removal Tool, Farbar Recovery Scan and Old Timers List periodically to maintain the health of my computer?

     

     

    adwCleaner and Junk Removal Tool would be OK to run once in a while but they are updated often so you should get the newest version each time.  FRST and OTL just look and won't make any changes unless you tell them to.  I suppose if you kept an earlier log and compared you could see changes but it takes some training to know what to do with them.

     

    If you look at your FRST Additions log you will see that almost every game you have installed has also installed a task.  I don't know what these do so didn't touch them.  They probably just check for updates but might be slowing down your boot a bit if they run at startup.  If you no longer use a game I would uninstall it and see if the task goes away.  If not you can go into Task Scheduler:  In the Search box type;  task

    and wait until Task Scheduler shows up at the top.  Right click on it and Run As Admin then click on Task Scheduler Library.  In the upper right pane is a list of tasks.  You can find the task and right click on it and Delete (or Disable) the task.


    • 0

    #9
    cabse5

    cabse5

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts
    I'm trying to do a little at a time, here.. I realized what Microsoft is referring to when Microsoft calls its optional update the Internet Explorer 11 for Windows 7 X64 optional update is IE 11... The same file for IE I installed in March and currently use - IE11-Windows6.1. Maybe Microsoft isn't allowing me to update because I
    already have the file?

    Anyway...I've tried to install IE for X64 bit: IE11-Windows-X64-en-us (for Java x64 if anything else) and Microsoft wouldn't allow the IE change because I have a
    newer version of IE: (IE11-Windows6.1).

    How do I 'regress' my IE so Microsoft allows me to install IE11-Windows-X64-en-us? I want to use a X64 Internet Explorer.

    Edited by cabse5, 03 May 2014 - 02:37 PM.

    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    I don't use IE myself so had to do a bit of research on how to fire up the 64 bit version.  (I use the 64 bit version of Firefox called Waterfox).  Turns out that since IE10 there is no separate program for 64 bit IE.  You just have to make one little change and reboot and then it always runs in 64 bit mode.  Not exactly user friendly but that's MS for you.  

     

    Follow the instructions here:

     

    http://www.sevenforu...indows-7-a.html

     

    (It talks about ie 10 but it works on my ie 11)

     

    After the reboot go to java.com and when you start the download it will tell you you are getting the 64 bit version.

     

    If it is running OK I think we are done and can clean up:

     

    Copy the following:
     
     
    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]
     
    
    Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
     
    That will get the last of the malware off the system.
     
     
     
    You can uninstall or delete any tools we had you download and their logs. 
     
    If we ran Combofix:To uninstall combofix, copy the next line:
     
    "%userprofile%\Desktop\combofix.exe" /Uninstall
     
    Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
    then right click, Paste, then hit Enter.
     
     
     
    OTL has a cleanup tab but DO NOT USE IT!.  There are reports that it leaves the PC unbootable.  Instead just delete  OTL.exe and the folder c:\_OTL.
     
    To hide hidden files again:
     
    Vista or Win7
     
    # Open the Control Panel menu and click Folder Options.
    # After the new window appears select the View tab.
    # Remove the check in the  checkbox labeled Display the contents of system folders.
    # Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
    # Check the checkbox labeled Hide protected operating system files.
    # Press the Apply button and then the OK button and exit My Computer. 
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  
     
    Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
    Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the UpdateChecker: 
    (You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
    If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
     Seems to work best if Firefox is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK. )  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK. 
     
    You can also try Secunia PSI http://secunia.com/v...l/download_psi/  Same kind of info.  You don't need both.
    If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while.
     
     
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     
    Make sure Windows Updates is turned and that it works.  Go to Control panel, Windows Updates and see if it works.  
     
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)
     
    Ron

    • 0

    #11
    cabse5

    cabse5

      New Member

    • Topic Starter
    • Member
    • Pip
    • 9 posts

    Well, RKinner, I can't access the Internet with IE, now at all.  I'm on a public computer, so I have to copy your previous post to a thumb drive, digest it, and follow your instructions.  I'll start another thread with my latest problems because this one is so cluttered...  Hope you can hang on. 


    Edited by cabse5, 04 May 2014 - 01:00 PM.

    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    If IE won't work after making the change then uncheck the thing you checked and restart or hit the Rest button at the bottom of that page.


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP