Computer running slow and popups [Closed]


  • This topic is locked

#1
tdjones813

  • Member
  • 65 posts

My computer has been running really slow and having a lot of popups.  I think I may have a virus and if I do I'm not sure how to get rid of it.  Any help would be appreciated.

 

Tracy




#2
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hello and Welcome on board tdjones813 :welcome:,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Hey,
let's get an overview of the system with OTL. ;)

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      [Image: OTL main console screenshot]
      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste them into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      • Please do the same for the Extras.txt


#3
tdjones813

  • Topic Starter
  • Member
  • 65 posts
OTL logfile created on: 5/3/2014 10:49:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tracy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 48.13% Memory free
12.17 Gb Paging File | 8.92 Gb Available in Paging File | 73.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 409.26 Gb Free Space | 70.16% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.80 Gb Free Space | 14.05% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/03 10:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Downloads\OTL.exe
PRC - [2014/04/27 16:56:42 | 002,557,976 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2014/04/27 16:56:42 | 001,801,240 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
PRC - [2014/04/27 16:56:42 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
PRC - [2014/04/23 20:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/03 14:34:54 | 007,382,528 | ---- | M] (Google Inc.) -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/02/18 09:19:24 | 003,656,272 | ---- | M] (Babylon Ltd.) -- C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
PRC - [2013/08/17 19:03:08 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/07/26 08:43:52 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/07/26 08:43:46 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/07/26 08:43:44 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () -- C:\Windows\SysWOW64\CSHelper.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/27 16:56:42 | 002,557,976 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/04/27 16:56:42 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
MOD - [2014/04/23 20:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 20:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014/04/23 20:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 20:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 20:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/03/03 14:14:00 | 000,253,440 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/03/03 14:13:32 | 000,231,936 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/03/03 14:13:26 | 000,344,064 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/03/03 14:13:26 | 000,117,248 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/02/26 04:06:06 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/02/26 04:05:55 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/26 04:05:53 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/26 04:05:50 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/26 04:05:35 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 04:05:25 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 04:05:20 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 04:05:19 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 04:05:14 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 04:05:13 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 04:05:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/10 13:44:24 | 004,592,128 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 13:44:24 | 000,112,128 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2013/12/10 17:06:52 | 000,026,624 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 17:06:42 | 010,683,392 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 17:06:40 | 001,681,408 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 17:06:38 | 007,741,952 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 17:06:36 | 002,248,192 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/09/13 20:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 20:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/17 16:23:56 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/04/28 13:46:59 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/27 16:56:42 | 001,801,240 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe -- (vToolbarUpdater18.1.0)
SRV - [2014/03/28 21:54:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/31 07:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/07/16 13:29:16 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/20 20:07:52 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/06/20 20:07:52 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,457,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/02/11 22:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/10 07:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/10 07:52:52 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009/11/10 07:52:44 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009/09/30 21:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 02:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/02/26 19:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/06 13:51:08 | 000,028,144 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/02/26 13:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2005/09/19 14:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2014/04/19 12:16:31 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140502.019\ex64.sys -- (NAVEX15)
DRV - [2014/04/19 12:16:31 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys -- (EraserUtilDrv11312)
DRV - [2014/04/19 12:16:31 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140502.019\eng64.sys -- (NAVENG)
DRV - [2014/03/25 21:03:11 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140502.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/18 21:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/20 23:24:23 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/24 17:28:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosear...=66528&tsp=5231
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{083368C3-5B72-4F1A-BE01-5F70570FD6E9}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.buenosear...=66528&tsp=5231
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{1F9F832A-605A-41F5-86AE-6BB407025F1A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte...y={searchTerms}
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{BC6279F4-8629-4876-8CD6-12EAB8A0A069}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://tmq.bingstart...g=2-168-0-1kqDS
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.buenosear...66528&tsp=5231"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.2.0.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...AD&PC=U160A&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tracy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tracy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tracy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Tracy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\hopster.com/CouponPrinterPlugin: C:\Users\Tracy\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2014/05/03 03:24:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/09 12:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443 [2014/04/27 16:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected] [2014/04/27 20:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/28 21:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/28 21:54:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
 
[2012/12/09 10:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions
[2009/09/15 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/07/17 08:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\extensions
[2014/04/27 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions
[2014/04/27 20:46:37 | 000,000,000 | ---D | M] (BuenoSearch) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions\[email protected]
[2013/09/16 18:44:54 | 000,002,276 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\bingp.xml
[2014/04/27 20:46:37 | 000,006,226 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\buenosearch.xml
[2013/03/19 10:55:00 | 000,009,948 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\Maps4PC_0c.xml
[2014/03/28 21:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/28 21:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/03/28 21:54:43 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/03/28 21:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/28 21:54:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/09 12:49:39 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
[2009/09/02 03:00:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/07 11:04:23 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/07 11:04:23 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/08/17 19:03:19 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - plugin: Error reading preferences file
CHR - Extension: RealDownloader = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_2\
CHR - Extension: AVG Security Toolbar = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\18.1.0.443_0\
CHR - Extension: Google Wallet = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: ArcadeFrontier = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl\2.3.2_0\
 
O1 HOSTS File: ([2013/07/23 09:15:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (no name) - {ac3eb537-a86d-4a88-802a-79918db4abe7} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {d76689d9-6555-42ee-a94f-ba89fb29ceb1} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (buenosearch Helper Object) - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (buenosearch Toolbar) - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\Toolbar\WebBrowser: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [BitTorrent] "C:\Users\Tracy\AppData\Local\Temp\utt76D3.tmp.exe"  /MINIMIZED File not found
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [cdloader] C:\Users\Tracy\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [MusicManager] C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54BD3F87-83EC-4960-AD4D-DB99C4117E05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4F02821-54EB-4101-9E5B-DE4D9B945C85}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/03 03:20:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/30 06:42:46 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2014/04/30 06:42:37 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\Programs
[2014/04/27 20:46:48 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\BabSolution
[2014/04/27 20:46:44 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\Babylon
[2014/04/27 20:46:42 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Babylon
[2014/04/27 20:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\buenosearch LTD
[2014/04/27 20:46:29 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\buenosearch LTD
[2014/04/27 20:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[2014/04/27 20:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2014/04/27 16:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/04/10 03:05:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/04/10 03:05:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/04/10 03:05:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/10 03:05:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/10 03:05:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/10 03:05:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/10 03:05:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/04/10 03:05:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/04/10 03:05:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/10 03:05:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/10 03:05:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/10 03:05:40 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/10 03:05:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/04/10 03:05:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/04/10 03:05:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/09 08:06:57 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/04 19:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juno
[2014/04/04 19:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Juno
[2014/04/04 19:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\JunoInstaller
[2013/07/28 13:34:59 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Tracy\AppData\Local\BcsKtYcHW.dll
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/03 10:47:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000UA.job
[2014/05/03 10:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/03 10:42:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/03 10:36:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/05/03 09:23:17 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/03 09:23:17 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/03 09:12:30 | 000,001,769 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
[2014/05/03 09:12:28 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/03 09:02:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/03 06:47:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000Core.job
[2014/05/03 03:01:46 | 000,781,906 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/03 03:01:46 | 000,646,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/03 03:01:46 | 000,120,986 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/02 20:18:18 | 005,071,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/01 21:32:07 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014/05/01 20:12:37 | 000,271,360 | ---- | M] () -- C:\Users\Tracy\Documents\Outlook.pst
[2014/05/01 11:10:51 | 001,619,774 | ---- | M] () -- C:\Users\Tracy\Desktop\20140430_143632.jpg
[2014/05/01 11:07:46 | 000,063,163 | ---- | M] () -- C:\Users\Tracy\Desktop\BONUS PROGRAM.pdf
[2014/04/30 13:54:45 | 000,058,208 | ---- | M] () -- C:\Users\Tracy\Desktop\1795679_10203513826437071_1848224178186761998_n.jpg
[2014/04/30 07:02:27 | 000,000,598 | ---- | M] () -- C:\Users\Tracy\Documents\Dish Washing.m3u
[2014/04/30 07:00:25 | 000,023,805 | ---- | M] () -- C:\Users\Tracy\Documents\Music.m3u
[2014/04/30 06:54:59 | 000,000,788 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/30 06:54:59 | 000,000,764 | ---- | M] () -- C:\Users\Tracy\Desktop\BitTorrent.lnk
[2014/04/29 11:22:22 | 000,079,016 | ---- | M] () -- C:\Users\Tracy\Desktop\1466190_667368796618776_1352042444_n.jpg
[2014/04/28 15:45:09 | 000,022,753 | ---- | M] () -- C:\Users\Tracy\Desktop\mouseMellows01.jpg
[2014/04/28 15:44:03 | 000,008,273 | ---- | M] () -- C:\Users\Tracy\Desktop\35af35c23f9db1ca3b0f55ce05c2520e.jpg
[2014/04/28 13:46:58 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/28 13:46:58 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/27 20:46:28 | 000,000,966 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2014/04/27 20:46:28 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2014/04/27 18:15:07 | 000,043,220 | ---- | M] () -- C:\Users\Tracy\Desktop\Tracy-3.jpg
[2014/04/27 16:57:01 | 000,003,701 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/04/26 21:20:20 | 000,045,692 | ---- | M] () -- C:\Users\Tracy\Desktop\Love.jpg
[2014/04/25 17:54:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTracy.job
[2014/04/24 12:16:14 | 000,068,374 | ---- | M] () -- C:\Users\Tracy\Desktop\10153283_10203513808396620_7621378519211978667_n.jpg
[2014/04/24 12:15:33 | 000,122,209 | ---- | M] () -- C:\Users\Tracy\Desktop\10155327_10203513814036761_8196217567772750270_n.jpg
[2014/04/14 10:32:18 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/04/13 18:29:16 | 920,617,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/12 19:41:22 | 000,190,375 | ---- | M] () -- C:\Users\Tracy\Desktop\1395425_10200685089790155_1900174911_n.jpg
[2014/04/06 09:55:30 | 000,000,000 | -H-- | M] () -- C:\Users\Tracy\Documents\Default.rdp
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/01 14:43:36 | 001,619,774 | ---- | C] () -- C:\Users\Tracy\Desktop\20140430_143632.jpg
[2014/04/30 13:54:44 | 000,058,208 | ---- | C] () -- C:\Users\Tracy\Desktop\1795679_10203513826437071_1848224178186761998_n.jpg
[2014/04/30 07:02:26 | 000,000,598 | ---- | C] () -- C:\Users\Tracy\Documents\Dish Washing.m3u
[2014/04/30 07:00:24 | 000,023,805 | ---- | C] () -- C:\Users\Tracy\Documents\Music.m3u
[2014/04/30 06:54:59 | 000,000,788 | ---- | C] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/30 06:54:59 | 000,000,764 | ---- | C] () -- C:\Users\Tracy\Desktop\BitTorrent.lnk
[2014/04/29 11:22:22 | 000,079,016 | ---- | C] () -- C:\Users\Tracy\Desktop\1466190_667368796618776_1352042444_n.jpg
[2014/04/28 15:45:09 | 000,022,753 | ---- | C] () -- C:\Users\Tracy\Desktop\mouseMellows01.jpg
[2014/04/28 15:44:03 | 000,008,273 | ---- | C] () -- C:\Users\Tracy\Desktop\35af35c23f9db1ca3b0f55ce05c2520e.jpg
[2014/04/27 20:46:28 | 000,000,966 | ---- | C] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2014/04/27 20:46:28 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2014/04/27 18:15:07 | 000,043,220 | ---- | C] () -- C:\Users\Tracy\Desktop\Tracy-3.jpg
[2014/04/26 21:20:20 | 000,045,692 | ---- | C] () -- C:\Users\Tracy\Desktop\Love.jpg
[2014/04/24 12:16:14 | 000,068,374 | ---- | C] () -- C:\Users\Tracy\Desktop\10153283_10203513808396620_7621378519211978667_n.jpg
[2014/04/24 12:15:33 | 000,122,209 | ---- | C] () -- C:\Users\Tracy\Desktop\10155327_10203513814036761_8196217567772750270_n.jpg
[2014/04/13 18:29:16 | 920,617,830 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/06 09:55:30 | 000,000,000 | -H-- | C] () -- C:\Users\Tracy\Documents\Default.rdp
[2013/10/15 08:42:53 | 000,000,680 | ---- | C] () -- C:\Users\Tracy\AppData\Local\d3d9caps.dat
[2013/07/28 13:34:57 | 000,893,239 | ---- | C] () -- C:\Users\Tracy\AppData\Local\a.zip
[2013/07/28 12:40:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/18 15:05:30 | 000,009,728 | ---- | C] () -- C:\Users\Tracy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/17 21:23:01 | 000,003,701 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/06/26 10:10:58 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/26 10:10:18 | 000,003,726 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/23 13:25:01 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/06/14 11:35:05 | 000,000,005 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\WBPU-TTL.DAT
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/03/11 22:21:22 | 000,000,258 | RHS- | C] () -- C:\Users\Tracy\ntuser.pol
[2012/12/23 21:42:50 | 000,114,730 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpABBEY.JPG
[2011/04/10 15:34:25 | 264,076,312 | ---- | C] () -- C:\Users\Tracy\100_0367.AVI
[2011/04/09 14:27:52 | 131,092,216 | ---- | C] () -- C:\Users\Tracy\100_0357.AVI
[2011/03/27 15:28:59 | 008,379,428 | ---- | C] () -- C:\Users\Tracy\01 Guilty As Charged (feat. Estelle).m4a
[2011/01/04 18:16:08 | 000,001,940 | ---- | C] () -- C:\Users\Tracy\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/21 22:41:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 22:01:54 | 000,036,970 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.JPG
[2010/08/25 22:01:54 | 000,034,964 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.0
[2010/07/26 10:12:18 | 000,006,548 | ---- | C] () -- C:\Users\Tracy\.recently-used.xbel
[2010/05/10 00:22:31 | 000,024,049 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.JPG
[2010/05/10 00:22:31 | 000,023,533 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.0
[2009/08/21 13:45:04 | 000,019,550 | ---- | C] () -- C:\Users\Tracy\AppData\Local\slot1.mm1
[2009/05/29 13:25:08 | 000,008,264 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2011/12/30 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/12/30 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2014/03/01 20:35:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\.mono
[2010/07/03 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/05/15 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Acoustica
[2009/08/07 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Aisle 5 Games, Inc
[2011/02/13 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Alawar
[2012/03/18 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AlawarEntertainment
[2010/07/05 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Artogon
[2013/08/12 13:11:39 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AstImageBack
[2013/03/14 17:28:13 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AVG
[2011/02/20 10:43:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Awem
[2009/12/02 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Azuaz Games
[2014/04/27 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\BabSolution
[2014/05/03 03:16:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Babylon
[2010/10/15 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Big Fish Games
[2012/12/31 23:17:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Big Top Games
[2014/05/02 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\BitTorrent
[2010/06/20 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Boomzap
[2014/04/27 20:46:29 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\buenosearch LTD
[2010/02/06 08:04:47 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\casanova
[2010/09/15 14:11:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Casual Mechanics
[2010/09/08 08:33:27 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Catalina Marketing Corp
[2013/04/11 10:18:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Catalina – Print Savings
[2011/02/18 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\cerasus.media
[2013/10/15 08:33:45 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/14 10:33:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Curious Sense
[2010/06/19 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/05/06 09:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_RA
[2010/05/08 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRose_iWin
[2010/02/22 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Dekovir
[2009/12/01 20:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\E-centives
[2010/01/26 18:18:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\ElementalsTheMagicKey
[2010/09/30 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enki Games
[2010/08/28 18:40:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus2SE_BFG
[2010/01/22 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus_Real
[2010/04/05 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\EscapeTheMuseum2
[2009/10/11 11:46:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Eyeblaster
[2010/04/23 10:47:41 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FinalMediaPlayer
[2009/06/21 07:06:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FloodLightGames
[2013/04/01 11:14:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Foxit Software
[2011/02/11 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Friday's games
[2013/06/26 10:26:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FrostWire
[2009/12/21 08:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fuel Industries
[2010/07/13 10:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fugazo
[2013/01/30 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\funkitron
[2010/04/25 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse
[2009/09/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse 3 Days Zoo Mystery
[2010/06/30 06:39:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1000
[2009/12/06 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1001
[2013/08/10 20:41:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamelab
[2010/10/14 11:39:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamers Digital
[2010/01/28 02:14:56 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GetRightToGo
[2011/05/27 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gogii
[2010/01/14 11:57:56 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gold Casual Games
[2009/07/16 17:11:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GOL_byHasbro
[2009/06/30 19:33:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GSC 2.00
[2010/06/28 06:39:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\gtk-2.0
[2010/05/14 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\HdO Adventure
[2013/07/28 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Hopster
[2010/02/22 23:20:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\InfraRecorder
[2010/07/14 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\KranX Productions
[2010/06/21 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Lazy Turtle Games
[2009/09/15 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Leadertech
[2010/07/26 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient
[2010/03/28 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/06/11 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Ludia
[2009/11/02 09:47:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Magic Academy 2
[2009/12/08 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MastersOfMystery2
[2009/08/20 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Meridian93
[2010/09/25 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Merscom
[2010/06/22 22:38:53 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\mjusbsp
[2011/01/19 02:34:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MusicNet
[2010/07/08 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mutant Arcade
[2011/05/03 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mystery of Mortlake Mansion
[2009/12/25 10:37:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MysteryStudio
[2009/11/15 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mysteryville2
[2011/07/03 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\NetMedia Providers
[2010/06/24 09:02:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Oberon Media
[2013/02/19 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\OpenOffice.org
[2012/07/12 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PDAppFlex
[2011/02/10 12:18:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Phantasmat_bf_se1
[2009/05/26 12:10:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PictureMover
[2012/07/15 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayFirst
[2011/02/28 09:49:55 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayPond
[2009/11/16 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Playrix Entertainment
[2010/01/09 22:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PoBros
[2010/01/21 16:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Princess Isabella
[2011/07/02 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Publish Providers
[2011/02/28 11:30:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\QB9
[2010/06/29 16:15:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Quirky Games
[2009/11/21 09:51:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Righteous Kill
[2013/08/12 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Samsung
[2010/04/11 15:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Settlement. Colossus
[2010/07/05 18:11:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SevenSails
[2010/03/30 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Silverback Productions
[2010/08/15 13:26:07 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sky Bros
[2014/05/03 03:16:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SoftGrid Client
[2013/03/18 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sony
[2010/09/02 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Specialbit
[2009/08/20 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop
[2009/08/20 09:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop Games
[2012/02/06 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/09/24 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Stamps.com Internet Postage
[2013/06/11 08:19:30 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SumatraPDF
[2011/03/13 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SynthMaker
[2011/10/18 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Temp
[2009/05/29 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Template
[2010/01/21 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TheFixerUpper
[2010/06/05 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Tific
[2010/02/02 13:02:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TitanicMystery
[2009/11/19 14:42:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TMInc
[2009/12/14 12:46:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Total Eclipse
[2011/05/01 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TP
[2013/03/14 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TuneUp Software
[2011/09/27 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Unity
[2009/07/20 07:31:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\V-Games
[2010/06/09 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\VampireSaga
[2011/11/28 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Visan
[2011/07/08 08:50:58 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Vogat Interactive
[2010/01/20 02:12:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WeatherBug
[2014/01/14 09:34:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangent
[2010/07/01 12:10:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangentv1000
[2009/06/24 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WinBatch
[2011/05/01 19:38:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2006/11/02 07:16:28 | 000,026,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2008/01/20 22:48:17 | 000,045,056 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2008/01/20 22:48:16 | 000,080,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/04/11 03:11:13 | 000,458,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bfe.dll -- (BFE)
SRV:64bit: - [2011/11/16 10:34:41 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/04/11 03:11:14 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2008/01/20 22:49:11 | 000,103,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 00:12:34 | 000,174,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 00:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/04/11 03:11:23 | 000,719,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/04/11 03:11:14 | 000,268,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcsvc.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 12:12:21 | 000,117,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2008/01/20 22:50:17 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/04/11 03:11:15 | 000,024,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2008/01/20 22:48:03 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/04/11 03:11:15 | 000,533,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipsecsvc.dll -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/04/11 03:11:26 | 000,480,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2008/01/20 22:49:56 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2008/01/20 22:48:10 | 000,348,160 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2008/01/20 22:48:40 | 000,304,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2008/01/20 22:49:21 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2008/01/20 22:50:27 | 000,206,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2008/01/20 22:49:42 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009/04/11 03:11:27 | 000,313,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/08/17 10:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/16 10:34:41 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV:64bit: - [2009/04/11 03:11:14 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\emdmgmt.dll -- (EMDMgmt)
SRV:64bit: - [2008/01/20 22:48:24 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/04/11 03:11:22 | 000,309,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/04/11 03:11:23 | 000,719,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2008/01/20 22:49:09 | 000,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/16 10:34:41 | 000,011,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/04/11 03:11:31 | 000,074,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/09/06 14:28:38 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/10 07:51:23 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV:64bit: - [2009/04/11 03:10:35 | 002,582,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SLsvc.exe -- (slsvc)
SRV:64bit: - [2010/11/06 07:18:13 | 000,855,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/04/11 03:11:26 | 000,318,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/10 07:51:23 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (Themes)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (Themes)
SRV:64bit: - [2009/04/11 03:11:22 | 000,178,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/04/11 03:11:03 | 001,433,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vssvc.exe -- (VSS)
SRV:64bit: - [2009/04/11 03:11:13 | 000,446,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/04/11 03:11:13 | 000,446,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\Audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2008/01/20 22:47:28 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SDRSVC.dll -- (SDRSVC)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/11 03:11:28 | 001,491,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (Eventlog)
SRV:64bit: - [2009/04/11 03:11:15 | 000,603,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mpssvc.dll -- (MpsSvc)
SRV:64bit: - [2009/04/11 03:11:28 | 000,572,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/04/11 03:10:29 | 000,125,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/04/11 03:11:29 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/04/11 03:11:14 | 000,208,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/11 15:11:20 | 000,615,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/06/10 07:53:17 | 000,203,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2009/04/06 20:19:29 | 003,079,680 | ---- | M] (Microsoft Corporation) MD5=513619A8ABBF19F34D4308E91D1EC89D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_b038be1d4865a6ca\explorer.exe
[2009/04/06 20:19:29 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=5EF11AC92B68B4B8058A3A4F037F26CE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.20610_none_ba8d686f7cc668c5\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) MD5=7D2A43E8FDF725A1133F6C6056A72CDC -- C:\Program Files\Windows Defender\MpSvc.dll
[2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) MD5=7D2A43E8FDF725A1133F6C6056A72CDC -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_b3db4c4e108c89fb\MpSvc.dll
[2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) MD5=7D2A43E8FDF725A1133F6C6056A72CDC -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_b5c6c55a0dae5547\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\erdnt\cache64\qmgr.dll
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\SysNative\qmgr.dll
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_819ad97caef1480e\qmgr.dll
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is HP
 Volume Serial Number is 02E3-F964
 Directory of C:\
11/02/2006  11:42 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
11/02/2006  11:42 AM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  11:42 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  11:42 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  11:42 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
11/02/2006  11:42 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006  11:42 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
11/02/2006  11:42 AM    <SYMLINKD>     All Users [C:\ProgramData]
11/02/2006  11:42 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
11/02/2006  11:42 AM    <JUNCTION>     Application Data [C:\ProgramData]
11/02/2006  11:42 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
11/02/2006  11:42 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
11/02/2006  11:42 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
11/02/2006  11:42 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006  11:42 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
11/02/2006  11:42 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006  11:42 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
11/02/2006  11:42 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
11/02/2006  11:42 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006  11:42 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006  11:42 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006  11:42 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006  11:42 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006  11:42 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
11/02/2006  11:42 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
11/02/2006  11:42 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006  11:42 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
11/02/2006  11:42 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
11/02/2006  11:42 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
11/02/2006  11:42 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
11/02/2006  11:42 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
11/02/2006  11:42 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
11/02/2006  11:42 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Tracy
05/26/2009  11:57 AM    <JUNCTION>     Application Data [C:\Users\Tracy\AppData\Roaming]
05/26/2009  11:57 AM    <JUNCTION>     Cookies [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Cookies]
05/26/2009  11:57 AM    <JUNCTION>     Local Settings [C:\Users\Tracy\AppData\Local]
05/26/2009  11:57 AM    <JUNCTION>     My Documents [C:\Users\Tracy\Documents]
05/26/2009  11:57 AM    <JUNCTION>     NetHood [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/26/2009  11:57 AM    <JUNCTION>     PrintHood [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/26/2009  11:57 AM    <JUNCTION>     Recent [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Recent]
05/26/2009  11:57 AM    <JUNCTION>     SendTo [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\SendTo]
05/26/2009  11:57 AM    <JUNCTION>     Start Menu [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu]
05/26/2009  11:57 AM    <JUNCTION>     Templates [C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Tracy\AppData\Local
05/26/2009  11:57 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Tracy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Tracy\AppData\LocalLow
09/14/2010  06:36 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\Tracy\Documents
05/26/2009  11:57 AM    <JUNCTION>     My Music [C:\Users\Tracy\Music]
05/26/2009  11:57 AM    <JUNCTION>     My Pictures [C:\Users\Tracy\Pictures]
05/26/2009  11:57 AM    <JUNCTION>     My Videos [C:\Users\Tracy\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              48 Dir(s)  439,283,916,800 bytes free
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D1B5B4F1
 
< End of report >


#4
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey :)

Is there an Extras.txt located here: C:\Users\Tracy\Downloads? If yes, could you please post it in your next reply; if not, could you please follow the steps below.
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the OTL icon and select Run as Administrator.)
  • Click the None button
  • Change the following options:
    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, Extras.txt will open
  • Copy (Ctrl+C) and Paste (Ctrl+V) the content of Extras.txt into your next post please.
Well done so far! :)

#5
tdjones813

  • Topic Starter
  • Member
  • 65 posts
OTL Extras logfile created on: 5/3/2014 10:49:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tracy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 48.13% Memory free
12.17 Gb Paging File | 8.92 Gb Available in Paging File | 73.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 409.26 Gb Free Space | 70.16% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.80 Gb Free Space | 14.05% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 93 6B 3A F4 BE 12 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022700E4-C3AA-47CE-9064-0DA284A1069D}" = lport=8371 | protocol=6 | dir=in | name=league of legends launcher | 
"{02B07793-F2E3-4736-B70A-849C06750676}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher | 
"{05ABA71E-A39E-485C-AB25-3F163A727CA4}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher | 
"{07728343-016F-4665-8526-24448A5DD282}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{20165D07-8C71-4C2A-8802-F55EE915C63D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2E951453-720A-4249-9586-05D7AA4727B7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
"{3A4F6A3F-BF41-4CC5-9A62-8B6C6FEB2237}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4C8A3050-1BCF-40CA-88F7-D661D8574826}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{5F5571BF-7784-4DD2-A62E-AA7E6F4F997A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6CBD6722-9D6F-4FE4-87EF-9BD830111370}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{83F46227-0988-420F-BBF4-C8825C7DF139}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | 
"{8E606540-D504-4C38-BCAD-58C2484B3B85}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9123154A-33DD-46AE-81F3-C4DA2252E732}" = rport=139 | protocol=6 | dir=out | app=system | 
"{928511F3-B73E-451C-BD91-69BBD006055A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{97D3829D-418C-4F3F-B146-EEABFA7CD53C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A1A4655B-AED0-49FF-94A3-E9ED072EB07B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B2484551-66BB-44DE-B03C-DC072C9C9099}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B4BC3A86-3241-42E2-9594-17FFFC1CF457}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher | 
"{B6D58AD9-F690-405C-97A3-C7F44311ECBB}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher | 
"{BED21D73-DAD4-42E5-92CE-41A741AA704C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF347618-1D11-4A54-9DF1-0483AEEE40C2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D1881663-3440-4B3A-BBDF-8A04EC062FC7}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{D9D0546E-2AE9-4DB6-B1A7-2C50811443EF}" = lport=8371 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF6299E0-1133-48C9-86C4-0E949F4EB961}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E05E59A8-EC9E-43C5-A3C4-4B37E736FD7A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E7FF0742-5E15-43F4-AAEB-A666E946C452}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{E9FAFCC6-959C-4A5C-8405-5CC1C62F6DD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{EC2F3F3F-02D5-4C2D-939B-5C3E8B813430}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EF3E6CE9-3C6D-46EA-B5CA-301D9F88699C}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher | 
"{F34EE361-3696-48D9-8F77-B0BF37004ECC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{F4B8ADE0-A2AF-4DF5-8774-CA4AA5DCE99D}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher | 
"{F5523455-8AE3-44F3-B329-AC389FF83254}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FCE6175C-7C39-45C2-B171-7F9E1B69A76D}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6718A-8E09-4CA1-B8B5-A4C0044A7758}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{01BC55B3-328C-4F2A-A108-ABBFE63C8F69}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe | 
"{01FF8286-39C6-4FE0-947D-244AA268C7D3}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{024213FA-3AA4-4D2F-883D-8C6B41C5557C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{03B87268-8026-4964-AB74-9442A9527DD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{03F0A393-423E-44EF-A0BE-EF8AEF115BE6}" = protocol=1 | dir=in | [email protected],-28543 | 
"{0512BC72-EB54-4FA7-97B3-C23E6FC60423}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{0ACF825D-90A1-45D8-8FEE-C74F7947B0CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0BC4327E-A702-4730-8DB0-F5FA0A346E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{0C70712C-9E60-4A87-B1D3-422371D07ACA}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe | 
"{0D2D1A82-3E6B-4BEF-BCF8-1B50CECB9647}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{10C51848-1D42-419E-B183-C2CBB90157CC}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{12258B35-15E9-470A-BBFC-A635CB5409EB}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{130C89D7-9708-4AA3-B83A-A0685C1DE471}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{167BAC5F-66F1-496E-83FE-FEC1BBECD937}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{1AA0F2F2-94E2-4504-885E-D3869579E666}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{219B88B5-8CF7-44FC-BF8E-0F4B14B47A3F}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{2269EF80-7F0A-420E-9296-E1C90C21F06F}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{28FF4D64-F878-4127-B93D-D44969ED30CD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{290A621F-B02E-4B9F-B49F-C0A4D520BB86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{29C06FFF-141B-4984-A985-333831B5C6C3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{2A96866F-DDCA-45B1-AAB1-7B72761C51BB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"{2B9065E4-B38A-4B2E-95FE-85B9D17C4F26}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{2E8905DE-ABEA-470B-A959-3A8C1B226F2F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{2F5AB145-62E8-499E-9A61-01F50FF90186}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{304BE9BC-53E6-471E-96BB-2A07356833C8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3296C788-A0B8-4E65-B1F5-EC49A46E940D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3367A87F-8FCC-4DD5-AB8E-2058A82F7DDD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{351991C6-9C1B-465E-B4D8-0428FDDF5A8C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{38D50BD5-ED1F-4846-BDA4-483A328E5418}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{3AF51FA2-B88F-428F-9E02-E9CA3ECCEE85}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{3B0C5432-6F40-4547-82F8-DC3789AD5A94}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{3B589690-2BBF-48C7-848C-92DDB873E450}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{3BEA67E9-4868-4976-B2A3-36AD9BCC73E8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4105241A-5238-49F2-B4C7-D7CBCFDC29E4}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{4317138B-437F-49BD-8192-28813CD80D6E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{45E03FD5-D6DB-4C3A-AC2D-8A62323D38C1}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe | 
"{46583094-2E15-4760-806C-F67B4631FD35}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"{4BE629F0-2CE7-411F-98C9-D180DF40F454}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"{4E008D07-3A65-410E-B0D8-04BEF9711CAB}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\devicesetup.exe | 
"{500E9717-D26C-4264-87DE-3CBC217C565A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{51045EF8-309A-46FB-8969-AD2B2F59526B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{546DFAA5-E74F-4E4B-AE14-D4AFF06AF8A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{561FED2D-11D0-4C97-AC96-970D18D1F9AE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{57FCFD95-FA80-41B1-9D3D-F09B6C1CFE52}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{59E43124-7209-4202-A50D-7DA2F8934855}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{607FB60F-D124-4AEE-82D3-61A45EE1B434}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe | 
"{64E2D6B5-49E9-4772-9F86-229FBD1166C3}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{64FC7C2C-2796-443A-A29A-04D3D21CF502}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6918E4AE-D8FC-49E8-91AF-97584B62BE41}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6974B65A-A961-411A-9250-58AEA79B446E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{73703FB0-8C6A-4149-B0D9-6E68B5193BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{76126DD7-B6A0-452E-B4FD-348970EE4E25}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe | 
"{77E6B2DC-097D-47A2-93F3-13502B8B59E1}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe | 
"{7A9A5A19-B0F4-43AC-8714-28604822A893}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{7EB78C91-089F-4FD2-A41A-FC1F38C8A075}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{7F3023F6-E0BE-481B-93E5-A1858C22A94A}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{86CCEB3C-AE8F-4B03-A3DD-205F2802D550}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{88FED118-615F-438B-B92D-3F3D0BE98FBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{921A0520-0EF5-4431-8C05-923A682FB78A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe | 
"{92B91EDE-1B5A-47EC-A9EA-34ABBA2D18CA}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{96898CE9-192A-4DEA-B9EB-D737DB37C694}" = protocol=58 | dir=out | [email protected],-28546 | 
"{997E864A-F5DD-4B95-BCA5-6F2FB3D33FBA}" = protocol=58 | dir=in | [email protected],-28545 | 
"{9C5ADA5A-8B26-40CD-B8FA-07ED6C8D8CF0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{A439F425-25C3-4E98-9300-579C2E95554D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{A5C5E630-7261-4BF8-B147-EEEF3A825593}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{A63639E0-E873-4BAA-B1A6-42D833CF72C1}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{A7EC8AC5-3F0A-4A61-B7B2-15E90C427E78}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{AA019790-B637-4C83-B635-A4602D759294}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{AD5FF138-1CB5-4A97-8D6B-12451183F058}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{ADCA02ED-AE0E-4D6C-8533-B84090B1E19F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe | 
"{B65DBA5B-6B96-4AD2-9D91-B146DC30B1E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{BB185B0F-AED3-4E5F-BD81-228FAFB2E219}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{BDF03952-A3C8-4CEC-9FDA-54CEB244E348}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{BE1AFBA7-8F6A-4EBF-B6D4-49236EE74A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{BF588ABB-0221-4544-9974-D3881871A742}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe | 
"{C50D73B4-EF90-4012-876B-3393A9073292}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CB4D2707-9791-4F0C-B05B-50FEAD7CD5E5}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"{CF04C498-25F7-4A19-B546-171C583091C9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{D46994EA-3A54-47B7-AE59-DE7B013C8BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{D962BC8C-1854-4CE3-9D2B-6D998B9BE5DD}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{DCE125B2-5753-4128-8EE8-7ACF983E1C7E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{E0271837-E16C-4B23-9DEC-B4C0CA15EFC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{E0DF3D7B-6F0A-4FD8-B6B3-4917F26B388A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{E2A8918E-0706-4D0D-897C-DE4BE52C029A}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe | 
"{E9286A07-14A7-43D5-BDF0-BCE89E081C8A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{EB8C4488-8AC6-432A-84B3-8578D785BE7F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{EC2E83AF-3A3F-4761-8BFC-30EDADB7838E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{ED2D3C4E-68D9-42FA-B8A1-5A02B0B6D4DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{F1AEF8F4-51BB-4FBC-A126-0B21719AE75F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{F29005AF-F1B1-46E6-8810-03E7863B917A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{F2EE4088-C1B5-4937-B3A0-D865AF5EB620}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{F60A8697-5934-4B99-8CB7-E8385A75229D}" = protocol=1 | dir=out | [email protected],-28544 | 
"{FD86B81B-18DA-4C73-8385-F2C6F109B509}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"TCP Query User{039F517F-0782-46AC-B000-DDB9E751F000}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"TCP Query User{28F9E780-56A0-479B-8894-2E566D489E71}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"TCP Query User{4C21DCA0-69C1-4787-A868-6F2639EB1A86}C:\users\tracy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tracy\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{AD30FB7C-FDF2-471A-8E12-7D9F8465EAB7}C:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe | 
"TCP Query User{C7B2F589-F065-4E50-8024-E9323CB53785}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{ED7E4D2E-86AF-4D38-A669-2686885AE235}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"UDP Query User{7C391D61-79DA-4269-BF1D-1E58FCF70FFE}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"UDP Query User{89BE46D5-9B35-4B57-BC15-967C0648A4E4}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"UDP Query User{91B0F4CF-9036-4230-BBFC-49B53C02F927}C:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe | 
"UDP Query User{9BC50BF9-B1C6-4378-A712-08C0EBEB3525}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{F0D7A2EE-9E4B-4A2E-BA3A-B8409DE580F0}C:\users\tracy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tracy\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{F40146ED-C932-4F28-83BD-373CDC7D090A}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5848A26C-E4BC-4A13-AA8D-810BA344475A}" = HP Deskjet 1050 J410 series Product Improvement Study
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{791D3241-C6A4-417F-82E6-00543B6E5012}" = HP Deskjet 3510 series Product Improvement Study
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7F20F2D1-C425-4432-96BA-EBD0C2181493}" = HP Deskjet 3510 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}" = HP Deskjet 1050 J410 series Basic Device Software
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.10
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MyPC Backup" = MyPC Backup 
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Puran Defrag_is1" = Puran Defrag 7.6
"SP6" = Logitech SetPoint 6.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC6566B-131F-4987-82DF-932CED9FCA23}" = CouponPrinterPlugin
"{8E29C1CE-346A-3F59-AE22-8C5B7F230498}" = Google Talk Plugin
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}" = HP Deskjet 3510 series Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6174060-52D9-4886-8DBF-4EBF7C1CBCAA}" = MSRedx64
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}" = ASPCA Reminder by We-Care.com v4.1.22.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EEA7D922-7F21-42A1-B548-236984D36423}_is1" = Jihosoft Android Photo Transfer version 1.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All in one Cleaner_is1" = All in one Cleaner ver.1.0
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"AVG Secure Search" = AVG Security Toolbar
"Babylon" = Babylon
"BFGC" = Big Fish Games: Game Manager
"buenosearch" = buenosearch toolbar  
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"DivX Setup.divx.com" = DivX Setup
"Google Chrome" = Google Chrome
"GSC 2.00" = GSC 2.00
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Photo Creations" = HP Photo Creations
"InfraRecorder" = InfraRecorder
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PrintProjects" = PrintProjects
"PROR" = Microsoft Office Professional 2007 Trial
"pywin32-py2.6" = Python 2.6 pywin32-212
"RCA Updater_is1" = RCA Updater 1.0.4.0
"RealPlayer 16.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Revo Uninstaller" = Revo Uninstaller 1.94
"WildTangent hp Master Uninstall" = HP Games
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"DSite" = Update for PDF Reader
"MusicManager" = Music Manager
"MyFreeCodec" = MyFreeCodec
"PDF Reader" = PDF Reader
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/2/2014 3:01:36 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/2/2014 3:01:36 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1077
 
Error - 5/2/2014 3:01:36 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1077
 
Error - 5/2/2014 8:20:10 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/3/2014 3:01:46 AM | Computer Name = Home-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 5/3/2014 3:24:20 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/3/2014 3:25:41 AM | Computer Name = Home-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 5/3/2014 3:25:41 AM | Computer Name = Home-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 5/3/2014 9:12:03 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" 
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 5/3/2014 9:12:03 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" 
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ Media Center Events ]
Error - 5/19/2012 3:55:28 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/19/2012 5:57:41 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/20/2012 1:31:59 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/20/2012 12:04:33 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/21/2012 2:27:30 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/21/2012 12:21:48 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/22/2012 1:38:59 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/22/2012 12:01:48 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/23/2012 12:58:13 AM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/23/2012 3:40:15 PM | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
[ System Events ]
Error - 5/2/2014 8:21:59 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 5/2/2014 8:24:51 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 5/2/2014 8:24:51 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 5/3/2014 3:09:56 AM | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 5/3/2014 3:24:21 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 5/3/2014 3:24:21 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 5/3/2014 3:24:21 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 5/3/2014 3:24:36 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 5/3/2014 3:25:14 AM | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 5/3/2014 3:26:34 AM | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >


#6
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey,
you have some Adware on the PC. We will remove this. :)

Step 1: P2P Warning

IMPORTANT: I see you have one or more P2P (Person to Person) programs installed.

1.) You have the following P2P program installed: BitTorrent
2.) If you download files from non-documented sources via a P2P file-sharing program, you can expect an infection of malware. That isn't good for your PC. A long time ago, file sharing with P2P programs like UTorrent was fairly safe, but that isn't true any more. Of course you can use P2P programs at your own risk, but that may be the source of your infection. It would be nice if you read this here. After reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P programs:
4.) I would recommend that you uninstall the above. That would be nice. If you would like to uninstall the P2P program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!

Step 2: Uninstalls
  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:
    • MyPC Backup
    • CouponPrinterPlugin
    • AVG Security Toolbar
    • Babylon
    • buenosearch toolbar
    • Coupon Printer for Windows

  • Once you have done this, reboot your computer

Step 3: Chrome Extensions

Run Chrome and please enter this into the address bar: chrome:extensions
This will display a page of all installed extensions. Please remove the extensions in the list below by clicking the trash can icon beside each one.

Extensions to be removed:
  • ArcadeFrontier

Step 4: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2014/04/27 16:56:42 | 001,801,240 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe -- (vToolbarUpdater18.1.0)
    SRV - [2013/05/31 07:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
    IE:64bit: - HKLM\..\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    IE - HKLM\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKLM\..\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosear...=66528&tsp=5231
    IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.buenosear...=66528&tsp=5231
    IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
    IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte...y={searchTerms}
    IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{BC6279F4-8629-4876-8CD6-12EAB8A0A069}: "URL" = http://www.mysearchr...q={searchTerms}
    IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://tmq.bingstart...g=2-168-0-1kqDS
    FF - prefs.js..browser.startup.homepage: "http://www.buenosear...66528&tsp=5231"
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin:  File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
    FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Tracy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
    FF - HKCU\Software\MozillaPlugins\hopster.com/CouponPrinterPlugin: C:\Users\Tracy\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443 [2014/04/27 16:57:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected] [2014/04/27 20:46:27 | 000,000,000 | ---D | M]
    [2014/04/27 20:46:37 | 000,000,000 | ---D | M] (BuenoSearch) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions\[email protected]
    [2013/09/16 18:44:54 | 000,002,276 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\bingp.xml
    [2014/04/27 20:46:37 | 000,006,226 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\buenosearch.xml
    [2013/03/19 10:55:00 | 000,009,948 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\Maps4PC_0c.xml
    [2014/03/28 21:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    [2014/03/28 21:54:43 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    [2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O2 - BHO: (no name) - {ac3eb537-a86d-4a88-802a-79918db4abe7} - No CLSID value found.
    O2 - BHO: (no name) - {d76689d9-6555-42ee-a94f-ba89fb29ceb1} - No CLSID value found.
    O2 - BHO: (buenosearch Helper Object) - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
    O3 - HKLM\..\Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (buenosearch Toolbar) - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
    O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O3 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\Toolbar\WebBrowser: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [BitTorrent] "C:\Users\Tracy\AppData\Local\Temp\utt76D3.tmp.exe"  /MINIMIZED File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
    O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
    O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O13 - gopher Prefix: missing
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
    [2014/04/27 20:46:48 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\BabSolution
    [2014/04/27 20:46:44 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\Babylon
    [2014/04/27 20:46:42 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Babylon
    [2014/04/27 20:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\buenosearch LTD
    [2014/04/27 20:46:29 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\buenosearch LTD
    [2014/04/27 20:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
    [2014/04/27 20:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
    [2014/04/27 16:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2013/07/28 13:34:59 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Tracy\AppData\Local\BcsKtYcHW.dll
    [2014/04/27 20:46:28 | 000,000,966 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
    [2014/04/27 20:46:28 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
    [2014/04/27 16:57:01 | 000,003,701 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    [2013/06/26 10:10:58 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
    [2013/06/26 10:10:18 | 000,003,726 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2010/09/08 08:33:27 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Catalina Marketing Corp
    [2013/04/11 10:18:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Catalina  Print Savings
    [2011/05/01 19:38:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

Step 5: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 6: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 7: OTL Quickscan
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 8: Question

How is the PC running?
  • 0
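A pre-flight review of a fix script like the one in Step 4, as an added example that is not part of the original post or of OTL: it parses the `:Commands` and `:OTL` sections, groups entries by line prefix, and flags entries whose target the scan already reported missing as well as autostart entries that launch from a Temp folder. The sample is a constructed excerpt of lines copied from the script above; the function names, field names and category labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the Step 4 script in the post above.
SAMPLE_SCRIPT = r"""
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/05/31 07:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
O2 - BHO: (no name) - {ac3eb537-a86d-4a88-802a-79918db4abe7} - No CLSID value found.
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [BitTorrent] "C:\Users\Tracy\AppData\Local\Temp\utt76D3.tmp.exe"  /MINIMIZED File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
[2014/04/27 20:46:48 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\BabSolution
[2013/06/26 10:10:58 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe

:Commands
[EMPTYTEMP]
"""

# Labels (assumed wording) for the line prefixes used in that script.
CATEGORIES = {
    "SRV": "service",
    "IE": "Internet Explorer setting",
    "FF": "Firefox setting",
    "O2": "browser helper object",
    "O3": "IE toolbar",
    "O4": "autostart (Run) entry",
    "O8": "IE context-menu item",
}

SECTION_RE = re.compile(r"^:(\w+)$")
DIRECTIVE_RE = re.compile(r"^\[([A-Z]+)\]$")
PREFIX_RE = re.compile(r"^(SRV|IE|FF|O\d+)(?::64bit:)?\s+-\s+(.*)$")
# Bare file/folder line: [timestamp | size | attributes | M or C] (vendor) -- path
FILE_RE = re.compile(
    r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| (\S{4}) \| [MC]\]"
    r"\s*(?:\(.*?\)\s*)?--\s*(.+)$"
)
# Phrases the scan uses when the referenced target no longer exists.
ORPHAN_RE = re.compile(r"File not found|No CLSID value found|Reg Error", re.I)
TEMP_RE = re.compile(r"\\(?:Temp|Tmp)\\", re.I)


def _entry(section, kind, category, raw, body=""):
    return {
        "section": section, "kind": kind, "category": category, "raw": raw,
        "orphaned": bool(ORPHAN_RE.search(body)),
        "from_temp": bool(TEMP_RE.search(body)),
    }


def parse_fix_script(text):
    """Turn the pasted script into one record per directive or target line."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := DIRECTIVE_RE.match(line)):
            entries.append(_entry(section, "directive", m.group(1), line))
        elif (m := PREFIX_RE.match(line)):
            prefix, body = m.groups()
            label = CATEGORIES.get(prefix, prefix)
            entries.append(_entry(section, "entry", label, line, body))
        elif (m := FILE_RE.match(line)):
            attrs, path = m.groups()
            label = "folder" if attrs.endswith("D") else "file"
            entries.append(_entry(section, "path", label, line, path))
        else:
            entries.append(_entry(section, "unparsed", "unknown", line))
    return entries


def review(entries):
    """Summarise what the script touches before it is run as Administrator."""
    directives = [e["category"] for e in entries if e["kind"] == "directive"]
    items = [e for e in entries if e["kind"] in ("entry", "path")]
    return {
        "directives": directives,
        "restore_point_first": directives[:1] == ["CREATERESTOREPOINT"],
        "counts": Counter(e["category"] for e in items),
        "orphaned": [e["raw"] for e in items if e["orphaned"]],
        "autostart_from_temp": [
            e["raw"] for e in items
            if e["category"] == CATEGORIES["O4"] and e["from_temp"]
        ],
        "unparsed": [e["raw"] for e in entries if e["kind"] == "unparsed"],
    }


if __name__ == "__main__":
    report = review(parse_fix_script(SAMPLE_SCRIPT))
    print("directives:", report["directives"])
    print("restore point created first:", report["restore_point_first"])
    for category, count in sorted(report["counts"].items()):
        print(f"{count:3d}  {category}")
    print("targets already missing:", len(report["orphaned"]))
    for line in report["autostart_from_temp"]:
        print("autostart from Temp:", line)
```

Any line that lands in `unparsed` is worth reading by hand before the script is run.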

#7
tdjones813

    Member

  • Topic Starter
  • 65 posts

Contents of OTL FIX

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service vToolbarUpdater18.1.0 stopped successfully!
Service vToolbarUpdater18.1.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe moved successfully.
Error: No service named BackupStack was found to stop!
Service\Driver key BackupStack not found.
File C:\Program Files (x86)\MyPC Backup\BackupStack.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}\ not found.
HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{180780f0-b348-4b44-8210-94a8f3ee15b2}\ not found.
Registry key HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e51ec4e-2fa9-40fa-9007-2411de34e7ca}\ not found.
Registry key HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8776F0B8-E8AE-4692-92BA-E35731C5FE36}\ not found.
Registry key HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ not found.
Registry key HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BC6279F4-8629-4876-8CD6-12EAB8A0A069}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC6279F4-8629-4876-8CD6-12EAB8A0A069}\ not found.
Registry key HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5F5D888-2587-E012-A817-7038F5690F26}\ not found.
Prefs.js: "http://www.buenosear....66528&tsp=5231" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator\ deleted successfully.
File move failed. C:\Users\Tracy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\hopster.com/CouponPrinterPlugin\ not found.
File C:\Users\Tracy\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar not found.
File C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443 not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected] not found.
Folder C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions\[email protected]\ not found.
C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\bingp.xml moved successfully.
C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\buenosearch.xml moved successfully.
C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\Maps4PC_0c.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ not found.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac3eb537-a86d-4a88-802a-79918db4abe7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac3eb537-a86d-4a88-802a-79918db4abe7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d76689d9-6555-42ee-a94f-ba89fb29ceb1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d76689d9-6555-42ee-a94f-ba89fb29ceb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}\ not found.
File C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0C8413C1-FAD1-446C-8584-BE50576F863E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32bfba07-b1fc-4764-bc21-4af8c6188ca5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32bfba07-b1fc-4764-bc21-4af8c6188ca5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{828DC97A-2277-4E10-92A9-4907FA0922A9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828DC97A-2277-4E10-92A9-4907FA0922A9}\ not found.
File C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Babylon Client not found.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
File C:\Program Files (x86)\AVG Secure Search\vprot.exe not found.
Registry value HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Activities\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open with WordPerfect\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open with WordPerfect\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ not found.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ not found.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll not found.
Folder C:\Users\Tracy\AppData\Roaming\BabSolution\ not found.
Folder C:\Users\Tracy\AppData\Local\Babylon\ not found.
Folder C:\Users\Tracy\AppData\Roaming\Babylon\ not found.
Folder C:\Program Files (x86)\buenosearch LTD\ not found.
Folder C:\Users\Tracy\AppData\Roaming\buenosearch LTD\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\ not found.
Folder C:\Program Files (x86)\Babylon\ not found.
C:\ProgramData\AVG Secure Search\Logger folder moved successfully.
C:\ProgramData\AVG Secure Search folder moved successfully.
C:\Users\Tracy\AppData\Local\BcsKtYcHW.dll moved successfully.
File C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk not found.
File C:\Users\Public\Desktop\Babylon.lnk not found.
File C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml not found.
C:\ProgramData\uninstaller.exe moved successfully.
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml moved successfully.
C:\Users\Tracy\AppData\Roaming\Catalina Marketing Corp folder moved successfully.
Folder C:\Users\Tracy\AppData\Roaming\Catalina  Print Savings\ not found.
C:\Users\Tracy\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Tracy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1154751 bytes
->Java cache emptied: 5242469 bytes
->FireFox cache emptied: 5144868 bytes
->Google Chrome cache emptied: 420826074 bytes
->Flash cache emptied: 61735 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2247039 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1165606 bytes
 
Total Files Cleaned = 416.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05042014_190311
 
Files\Folders moved on Reboot...
File move failed. C:\Users\Tracy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#8
tdjones813


AdwCleaner content

 

# AdwCleaner v3.206 - Report created 04/05/2014 at 19:20:06
# Updated 04/05/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Tracy - HOME-PC
# Running from : C:\Users\Tracy\Desktop\AdwCleaner (4).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\AI_RecycleBin
[!] Folder Deleted : C:\ProgramData\Tarma Installer
[!] Folder Deleted : C:\ProgramData\Trymedia
[!] Folder Deleted : C:\ProgramData\WeCareReminder
[!] Folder Deleted : C:\ProgramData\Alawar Stargaze
[!] Folder Deleted : C:\ProgramData\AlawarWrapper
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
[!] Folder Deleted : C:\Program Files (x86)\Ask.com
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\DefaultTab
[!] Folder Deleted : C:\Program Files (x86)\Delta
[!] Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
[!] Folder Deleted : C:\Program Files (x86)\InfoAtoms
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Program Files (x86)\registry mechanic
[!] Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Yontoo
[!] Folder Deleted : C:\Program Files (x86)\Zynga
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[!] Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
[!] Folder Deleted : C:\Program Files\Babylon
[!] Folder Deleted : C:\Users\Public\Documents\iWin
[!] Folder Deleted : C:\Users\Public\Documents\AlawarWrapper
[!] Folder Deleted : C:\Users\Tracy\.android
[!] Folder Deleted : C:\Users\Tracy\AppData\LocalLow\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Tracy\AppData\LocalLow\DataMngr
[!] Folder Deleted : C:\Users\Tracy\AppData\Roaming\FinalMediaPlayer
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Tracy\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\user.js
File Deleted : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\user.js
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{828DC97A-2277-4E10-92A9-4907FA0922A9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\prefs.js ]
 
Line Deleted : user_pref("extensions.buenosearch.admin", false);
Line Deleted : user_pref("extensions.buenosearch.aflt", "orgnl");
Line Deleted : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Deleted : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.dfltLng", "en");
Line Deleted : user_pref("extensions.buenosearch.excTlbr", false);
Line Deleted : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.buenosearch.id", "02e3f96400000000000000248c7e0144");
Line Deleted : user_pref("extensions.buenosearch.instlDay", "16188");
Line Deleted : user_pref("extensions.buenosearch.instlRef", "sst");
Line Deleted : user_pref("extensions.buenosearch.newTab", false);
Line Deleted : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.rvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.smplGrp", "none");
Line Deleted : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=02E300248C7E0144&affID=66528&tsp=5231");
Line Deleted : user_pref("extensions.buenosearch.tlbrId", "base");
Line Deleted : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=02E300248C7E0144&affID=66528&tsp=5231");
Line Deleted : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Deleted : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.720:46:35");
Line Deleted : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YWxdm001YYus&ptb=B2FBC38F-5F80-40DF-82E9-07A8C1F9BF07&ind=2011090719&ptnrS=YWxdm001YYus&si=maps4pc&n=77decf1f&psa=&st=sb&searchfor={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&amp;o=15527&amp;prt=360&amp;chn=S1122&amp;geo=US&amp;ver=20&amp;locale=en_US&amp;tpr=111
Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [12185 octets] - [04/05/2014 19:16:16]
AdwCleaner[S0].txt - [11182 octets] - [04/05/2014 19:20:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11243 octets] ##########


#9
tdjones813


JRT.TXT Content

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Tracy on Sun 05/04/2014 at 19:32:00.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\rmschedule.job
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Tracy\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Tracy\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Tracy\appdata\locallow\maps4pc_0c"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\we-care reminder"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Tracy\AppData\Roaming\mozilla\firefox\profiles\taimr24r.default\minidumps [10 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/04/2014 at 19:40:55.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10
tdjones813


OTL Report

 

OTL logfile created on: 5/4/2014 7:47:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tracy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 3.88 Gb Available Physical Memory | 64.81% Memory free
12.09 Gb Paging File | 9.87 Gb Available in Paging File | 81.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 448.10 Gb Free Space | 76.82% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.80 Gb Free Space | 14.05% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/03 10:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
PRC - [2014/04/23 20:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/03 14:34:54 | 007,382,528 | ---- | M] (Google Inc.) -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/08/17 19:03:08 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/07/26 08:43:52 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/07/26 08:43:46 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/07/26 08:43:44 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () -- C:\Windows\SysWOW64\CSHelper.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 20:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 20:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014/04/23 20:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 20:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 20:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/03/03 14:14:00 | 000,253,440 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/03/03 14:13:32 | 000,231,936 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/03/03 14:13:26 | 000,344,064 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/03/03 14:13:26 | 000,117,248 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/02/26 04:06:06 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/02/26 04:05:55 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/26 04:05:53 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/26 04:05:50 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/26 04:05:35 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 04:05:25 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 04:05:20 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 04:05:19 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 04:05:14 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 04:05:13 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 04:05:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/12/10 17:06:52 | 000,026,624 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 17:06:42 | 010,683,392 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 17:06:40 | 001,681,408 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 17:06:38 | 007,741,952 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 17:06:36 | 002,248,192 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/09/13 20:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 20:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/17 16:23:56 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/04/28 13:46:59 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/28 21:54:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/07/16 13:29:16 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/20 20:07:52 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/06/20 20:07:52 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,457,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/02/11 22:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/10 07:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/10 07:52:52 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009/11/10 07:52:44 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009/09/30 21:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 02:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/02/26 19:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/06 13:51:08 | 000,028,144 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/02/26 13:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2005/09/19 14:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2014/04/19 12:16:31 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140503.033\ex64.sys -- (NAVEX15)
DRV - [2014/04/19 12:16:31 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/04/19 12:16:31 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140503.033\eng64.sys -- (NAVENG)
DRV - [2014/03/25 21:03:11 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140502.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/18 21:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/20 23:24:23 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/24 17:28:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{083368C3-5B72-4F1A-BE01-5F70570FD6E9}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKCU\..\SearchScopes\{1F9F832A-605A-41F5-86AE-6BB407025F1A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.2.0.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..browser.startup.homepage: 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tracy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tracy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tracy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2014/05/04 19:23:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/09 12:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/28 21:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/04 19:04:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
 
[2012/12/09 10:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions
[2009/09/15 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/07/17 08:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\extensions
[2014/05/04 18:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions
[2014/05/04 19:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/28 21:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/28 21:54:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/09 12:49:39 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
[2009/09/02 03:00:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/07 11:04:23 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/07 11:04:23 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2013/08/17 19:03:19 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: RealDownloader = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_2\
CHR - Extension: Norton Identity Protection = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Google Wallet = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/07/23 09:15:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [cdloader] C:\Users\Tracy\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [MusicManager] C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54BD3F87-83EC-4960-AD4D-DB99C4117E05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4F02821-54EB-4101-9E5B-DE4D9B945C85}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/04 19:31:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/04 19:29:50 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Tracy\Desktop\JRT.exe
[2014/05/04 19:16:45 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/04 19:16:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/04 19:03:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/03 10:15:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
[2014/05/03 03:20:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/30 06:42:46 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2014/04/30 06:42:37 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\Programs
[2014/04/04 19:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juno
[2014/04/04 19:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Juno
[2014/04/04 19:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\JunoInstaller
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/04 19:47:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000UA.job
[2014/05/04 19:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/04 19:42:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/04 19:36:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/05/04 19:29:57 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Tracy\Desktop\JRT.exe
[2014/05/04 19:26:28 | 000,001,769 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
[2014/05/04 19:25:17 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/04 19:23:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 19:23:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 19:23:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/04 19:14:27 | 001,313,617 | ---- | M] () -- C:\Users\Tracy\Desktop\AdwCleaner (4).exe
[2014/05/04 18:26:54 | 000,781,906 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/04 18:26:54 | 000,646,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/04 18:26:54 | 000,120,986 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/04 06:47:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000Core.job
[2014/05/03 10:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
[2014/05/02 20:18:18 | 005,071,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/01 20:12:37 | 000,271,360 | ---- | M] () -- C:\Users\Tracy\Documents\Outlook.pst
[2014/05/01 11:10:51 | 001,619,774 | ---- | M] () -- C:\Users\Tracy\Desktop\20140430_143632.jpg
[2014/05/01 11:07:46 | 000,063,163 | ---- | M] () -- C:\Users\Tracy\Desktop\BONUS PROGRAM.pdf
[2014/04/30 13:54:45 | 000,058,208 | ---- | M] () -- C:\Users\Tracy\Desktop\1795679_10203513826437071_1848224178186761998_n.jpg
[2014/04/30 07:02:27 | 000,000,598 | ---- | M] () -- C:\Users\Tracy\Documents\Dish Washing.m3u
[2014/04/30 07:00:25 | 000,023,805 | ---- | M] () -- C:\Users\Tracy\Documents\Music.m3u
[2014/04/30 06:54:59 | 000,000,788 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/30 06:54:59 | 000,000,764 | ---- | M] () -- C:\Users\Tracy\Desktop\BitTorrent.lnk
[2014/04/29 11:22:22 | 000,079,016 | ---- | M] () -- C:\Users\Tracy\Desktop\1466190_667368796618776_1352042444_n.jpg
[2014/04/28 15:45:09 | 000,022,753 | ---- | M] () -- C:\Users\Tracy\Desktop\mouseMellows01.jpg
[2014/04/28 15:44:03 | 000,008,273 | ---- | M] () -- C:\Users\Tracy\Desktop\35af35c23f9db1ca3b0f55ce05c2520e.jpg
[2014/04/27 18:15:07 | 000,043,220 | ---- | M] () -- C:\Users\Tracy\Desktop\Tracy-3.jpg
[2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/04/26 21:20:20 | 000,045,692 | ---- | M] () -- C:\Users\Tracy\Desktop\Love.jpg
[2014/04/25 17:54:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTracy.job
[2014/04/24 12:16:14 | 000,068,374 | ---- | M] () -- C:\Users\Tracy\Desktop\10153283_10203513808396620_7621378519211978667_n.jpg
[2014/04/24 12:15:33 | 000,122,209 | ---- | M] () -- C:\Users\Tracy\Desktop\10155327_10203513814036761_8196217567772750270_n.jpg
[2014/04/14 10:32:18 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/04/13 18:29:16 | 920,617,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/12 19:41:22 | 000,190,375 | ---- | M] () -- C:\Users\Tracy\Desktop\1395425_10200685089790155_1900174911_n.jpg
[2014/04/06 09:55:30 | 000,000,000 | -H-- | M] () -- C:\Users\Tracy\Documents\Default.rdp
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/04 19:14:24 | 001,313,617 | ---- | C] () -- C:\Users\Tracy\Desktop\AdwCleaner (4).exe
[2014/05/01 14:43:36 | 001,619,774 | ---- | C] () -- C:\Users\Tracy\Desktop\20140430_143632.jpg
[2014/04/30 13:54:44 | 000,058,208 | ---- | C] () -- C:\Users\Tracy\Desktop\1795679_10203513826437071_1848224178186761998_n.jpg
[2014/04/30 07:02:26 | 000,000,598 | ---- | C] () -- C:\Users\Tracy\Documents\Dish Washing.m3u
[2014/04/30 07:00:24 | 000,023,805 | ---- | C] () -- C:\Users\Tracy\Documents\Music.m3u
[2014/04/30 06:54:59 | 000,000,788 | ---- | C] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/30 06:54:59 | 000,000,764 | ---- | C] () -- C:\Users\Tracy\Desktop\BitTorrent.lnk
[2014/04/29 11:22:22 | 000,079,016 | ---- | C] () -- C:\Users\Tracy\Desktop\1466190_667368796618776_1352042444_n.jpg
[2014/04/28 15:45:09 | 000,022,753 | ---- | C] () -- C:\Users\Tracy\Desktop\mouseMellows01.jpg
[2014/04/28 15:44:03 | 000,008,273 | ---- | C] () -- C:\Users\Tracy\Desktop\35af35c23f9db1ca3b0f55ce05c2520e.jpg
[2014/04/27 18:15:07 | 000,043,220 | ---- | C] () -- C:\Users\Tracy\Desktop\Tracy-3.jpg
[2014/04/26 21:20:20 | 000,045,692 | ---- | C] () -- C:\Users\Tracy\Desktop\Love.jpg
[2014/04/24 12:16:14 | 000,068,374 | ---- | C] () -- C:\Users\Tracy\Desktop\10153283_10203513808396620_7621378519211978667_n.jpg
[2014/04/24 12:15:33 | 000,122,209 | ---- | C] () -- C:\Users\Tracy\Desktop\10155327_10203513814036761_8196217567772750270_n.jpg
[2014/04/13 18:29:16 | 920,617,830 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/06 09:55:30 | 000,000,000 | -H-- | C] () -- C:\Users\Tracy\Documents\Default.rdp
[2013/10/15 08:42:53 | 000,000,680 | ---- | C] () -- C:\Users\Tracy\AppData\Local\d3d9caps.dat
[2013/07/28 13:34:57 | 000,893,239 | ---- | C] () -- C:\Users\Tracy\AppData\Local\a.zip
[2013/07/28 12:40:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/18 15:05:30 | 000,009,728 | ---- | C] () -- C:\Users\Tracy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/23 13:25:01 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/06/14 11:35:05 | 000,000,005 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\WBPU-TTL.DAT
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/03/11 22:21:22 | 000,000,258 | RHS- | C] () -- C:\Users\Tracy\ntuser.pol
[2012/12/23 21:42:50 | 000,114,730 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpABBEY.JPG
[2011/04/10 15:34:25 | 264,076,312 | ---- | C] () -- C:\Users\Tracy\100_0367.AVI
[2011/04/09 14:27:52 | 131,092,216 | ---- | C] () -- C:\Users\Tracy\100_0357.AVI
[2011/03/27 15:28:59 | 008,379,428 | ---- | C] () -- C:\Users\Tracy\01 Guilty As Charged (feat. Estelle).m4a
[2011/01/04 18:16:08 | 000,001,940 | ---- | C] () -- C:\Users\Tracy\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/21 22:41:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 22:01:54 | 000,036,970 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.JPG
[2010/08/25 22:01:54 | 000,034,964 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.0
[2010/07/26 10:12:18 | 000,006,548 | ---- | C] () -- C:\Users\Tracy\.recently-used.xbel
[2010/05/10 00:22:31 | 000,024,049 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.JPG
[2010/05/10 00:22:31 | 000,023,533 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.0
[2009/08/21 13:45:04 | 000,019,550 | ---- | C] () -- C:\Users\Tracy\AppData\Local\slot1.mm1
[2009/05/29 13:25:08 | 000,008,264 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2014/03/01 20:35:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\.mono
[2010/07/03 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/05/15 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Acoustica
[2009/08/07 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Aisle 5 Games, Inc
[2011/02/13 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Alawar
[2012/03/18 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AlawarEntertainment
[2010/07/05 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Artogon
[2013/08/12 13:11:39 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AstImageBack
[2013/03/14 17:28:13 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AVG
[2011/02/20 10:43:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Awem
[2009/12/02 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Azuaz Games
[2012/12/31 23:17:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Big Top Games
[2014/05/02 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\BitTorrent
[2010/06/20 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Boomzap
[2010/02/06 08:04:47 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\casanova
[2010/09/15 14:11:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Casual Mechanics
[2014/05/04 19:22:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Catalina – Print Savings
[2011/02/18 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\cerasus.media
[2013/10/15 08:33:45 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/14 10:33:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Curious Sense
[2010/06/19 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/05/06 09:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_RA
[2010/05/08 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRose_iWin
[2010/02/22 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Dekovir
[2009/12/01 20:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\E-centives
[2010/01/26 18:18:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\ElementalsTheMagicKey
[2010/09/30 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enki Games
[2010/08/28 18:40:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus2SE_BFG
[2010/01/22 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus_Real
[2010/04/05 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\EscapeTheMuseum2
[2009/10/11 11:46:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Eyeblaster
[2009/06/21 07:06:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FloodLightGames
[2013/04/01 11:14:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Foxit Software
[2011/02/11 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Friday's games
[2013/06/26 10:26:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FrostWire
[2009/12/21 08:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fuel Industries
[2010/07/13 10:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fugazo
[2013/01/30 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\funkitron
[2010/04/25 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse
[2009/09/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse 3 Days Zoo Mystery
[2010/06/30 06:39:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1000
[2009/12/06 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1001
[2013/08/10 20:41:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamelab
[2010/10/14 11:39:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamers Digital
[2011/05/27 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gogii
[2010/01/14 11:57:56 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gold Casual Games
[2009/07/16 17:11:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GOL_byHasbro
[2009/06/30 19:33:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GSC 2.00
[2010/06/28 06:39:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\gtk-2.0
[2010/05/14 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\HdO Adventure
[2010/02/22 23:20:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\InfraRecorder
[2010/07/14 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\KranX Productions
[2010/06/21 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Lazy Turtle Games
[2009/09/15 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Leadertech
[2010/07/26 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient
[2010/03/28 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/06/11 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Ludia
[2009/11/02 09:47:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Magic Academy 2
[2009/12/08 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MastersOfMystery2
[2009/08/20 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Meridian93
[2010/09/25 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Merscom
[2010/06/22 22:38:53 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\mjusbsp
[2011/01/19 02:34:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MusicNet
[2010/07/08 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mutant Arcade
[2011/05/03 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mystery of Mortlake Mansion
[2009/12/25 10:37:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MysteryStudio
[2009/11/15 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mysteryville2
[2011/07/03 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\NetMedia Providers
[2010/06/24 09:02:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Oberon Media
[2013/02/19 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\OpenOffice.org
[2012/07/12 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PDAppFlex
[2011/02/10 12:18:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Phantasmat_bf_se1
[2009/05/26 12:10:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PictureMover
[2012/07/15 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayFirst
[2011/02/28 09:49:55 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayPond
[2009/11/16 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Playrix Entertainment
[2010/01/09 22:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PoBros
[2010/01/21 16:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Princess Isabella
[2011/07/02 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Publish Providers
[2011/02/28 11:30:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\QB9
[2010/06/29 16:15:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Quirky Games
[2009/11/21 09:51:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Righteous Kill
[2013/08/12 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Samsung
[2010/04/11 15:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Settlement. Colossus
[2010/07/05 18:11:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SevenSails
[2010/03/30 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Silverback Productions
[2010/08/15 13:26:07 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sky Bros
[2014/05/03 03:16:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SoftGrid Client
[2013/03/18 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sony
[2010/09/02 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Specialbit
[2009/08/20 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop
[2009/08/20 09:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop Games
[2012/02/06 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/09/24 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Stamps.com Internet Postage
[2013/06/11 08:19:30 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SumatraPDF
[2011/03/13 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SynthMaker
[2011/10/18 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Temp
[2009/05/29 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Template
[2010/01/21 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TheFixerUpper
[2010/06/05 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Tific
[2010/02/02 13:02:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TitanicMystery
[2009/11/19 14:42:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TMInc
[2009/12/14 12:46:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Total Eclipse
[2011/05/01 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TP
[2013/03/14 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TuneUp Software
[2011/09/27 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Unity
[2009/07/20 07:31:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\V-Games
[2010/06/09 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\VampireSaga
[2011/11/28 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Visan
[2011/07/08 08:50:58 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Vogat Interactive
[2010/01/20 02:12:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WeatherBug
[2014/01/14 09:34:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangent
[2010/07/01 12:10:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangentv1000
[2009/06/24 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:D1B5B4F1
 
< End of report >

#11
tdjones813

    Member

  • Topic Starter
  • 65 posts

I'm not sure. It seems to be running a little faster.



#12
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey,
we still have something to do. ;) Well done so far!

Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    [2011/03/07 11:04:23 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
    [2011/03/07 11:04:23 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
    O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:D1B5B4F1
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Select text file and save to the desktop.
Attach/Post that log.

Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or Firefox
  • Please download ESET Online Scanner from here
How to do this?
  • Visit this website here
  • You will see a screen like this:

    e922iil8.png
    • Click Run ESET Online Scanner

      4e3svhbd.png
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      p35jbmyy.png
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      p3b9meru.png
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Step 5: Question

How is your PC running?

#13
tdjones813

    Member

  • Topic Starter
  • 65 posts

OTL scan report

 

OTL logfile created on: 5/5/2014 1:10:32 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tracy\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 4.05 Gb Available Physical Memory | 67.67% Memory free
12.09 Gb Paging File | 10.18 Gb Available in Paging File | 84.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 445.35 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.80 Gb Free Space | 14.05% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/03 10:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
PRC - [2014/04/23 20:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/03 14:34:54 | 007,382,528 | ---- | M] (Google Inc.) -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/08/17 19:03:08 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/07/26 08:43:52 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/07/26 08:43:46 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/07/26 08:43:44 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () -- C:\Windows\SysWOW64\CSHelper.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 20:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 20:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 20:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 20:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/03/03 14:14:00 | 000,253,440 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/03/03 14:13:32 | 000,231,936 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/03/03 14:13:26 | 000,344,064 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/03/03 14:13:26 | 000,117,248 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/02/26 04:06:06 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/02/26 04:05:55 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/26 04:05:53 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/26 04:05:50 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/26 04:05:35 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 04:05:25 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 04:05:20 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 04:05:19 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 04:05:14 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 04:05:13 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 04:05:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/12/10 17:06:52 | 000,026,624 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 17:06:42 | 010,683,392 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 17:06:40 | 001,681,408 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 17:06:38 | 007,741,952 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 17:06:36 | 002,248,192 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/09/13 20:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 20:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/17 16:23:56 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/04/28 13:46:59 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/28 21:54:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/07/16 13:29:16 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/20 20:07:52 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/06/20 20:07:52 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/05/23 01:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/05/21 01:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/05/16 01:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/04/24 20:43:56 | 000,457,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/04/15 22:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 21:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/02/11 22:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/10 07:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/10 07:52:52 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009/11/10 07:52:44 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009/09/30 21:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 02:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/02/26 19:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/06 13:51:08 | 000,028,144 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/02/26 13:18:00 | 000,615,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2005/09/19 14:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2014/04/19 12:16:31 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140505.001\ex64.sys -- (NAVEX15)
DRV - [2014/04/19 12:16:31 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/04/19 12:16:31 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20140505.001\eng64.sys -- (NAVENG)
DRV - [2014/03/25 21:03:11 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140502.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/18 21:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/20 23:24:23 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/24 17:28:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{083368C3-5B72-4F1A-BE01-5F70570FD6E9}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKCU\..\SearchScopes\{1F9F832A-605A-41F5-86AE-6BB407025F1A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.2.0.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..browser.startup.homepage: 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tracy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tracy\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tracy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2014/05/05 13:06:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/09 12:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/28 21:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/05 12:59:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
 
[2012/12/09 10:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions
[2009/09/15 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/07/17 08:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\extensions
[2014/05/04 18:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions
[2014/05/04 19:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/28 21:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/28 21:54:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/09 12:49:39 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
[2009/09/02 03:00:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/08/17 19:03:19 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: RealDownloader = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_2\
CHR - Extension: Norton Identity Protection = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Google Wallet = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/07/23 09:15:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [cdloader] C:\Users\Tracy\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [MusicManager] C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54BD3F87-83EC-4960-AD4D-DB99C4117E05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4F02821-54EB-4101-9E5B-DE4D9B945C85}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tracy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/04 19:31:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/04 19:29:50 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Tracy\Desktop\JRT.exe
[2014/05/04 19:16:45 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/04 19:16:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/04 19:03:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/03 10:15:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
[2014/05/03 03:20:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/30 06:42:46 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2014/04/30 06:42:37 | 000,000,000 | ---D | C] -- C:\Users\Tracy\AppData\Local\Programs
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/05 13:07:01 | 000,001,769 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
[2014/05/05 13:06:32 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/05 13:06:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 13:06:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 13:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/05 12:47:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000UA.job
[2014/05/05 12:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/05 12:42:19 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/05 12:36:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/05/05 08:29:03 | 000,055,981 | ---- | M] () -- C:\Users\Tracy\Desktop\10157230_10201875972721484_5841073507464964691_n.jpg
[2014/05/05 07:26:25 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000Core.job
[2014/05/05 03:00:50 | 000,646,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/05 03:00:49 | 000,781,906 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/05 03:00:49 | 000,120,986 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/04 19:29:57 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Tracy\Desktop\JRT.exe
[2014/05/04 19:14:27 | 001,313,617 | ---- | M] () -- C:\Users\Tracy\Desktop\AdwCleaner (4).exe
[2014/05/03 10:15:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Desktop\OTL.exe
[2014/05/02 20:18:18 | 005,071,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/01 20:12:37 | 000,271,360 | ---- | M] () -- C:\Users\Tracy\Documents\Outlook.pst
[2014/05/01 11:10:51 | 001,619,774 | ---- | M] () -- C:\Users\Tracy\Desktop\20140430_143632.jpg
[2014/05/01 11:07:46 | 000,063,163 | ---- | M] () -- C:\Users\Tracy\Desktop\BONUS PROGRAM.pdf
[2014/04/30 13:54:45 | 000,058,208 | ---- | M] () -- C:\Users\Tracy\Desktop\1795679_10203513826437071_1848224178186761998_n.jpg
[2014/04/30 07:02:27 | 000,000,598 | ---- | M] () -- C:\Users\Tracy\Documents\Dish Washing.m3u
[2014/04/30 07:00:25 | 000,023,805 | ---- | M] () -- C:\Users\Tracy\Documents\Music.m3u
[2014/04/30 06:54:59 | 000,000,788 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/30 06:54:59 | 000,000,764 | ---- | M] () -- C:\Users\Tracy\Desktop\BitTorrent.lnk
[2014/04/29 11:22:22 | 000,079,016 | ---- | M] () -- C:\Users\Tracy\Desktop\1466190_667368796618776_1352042444_n.jpg
[2014/04/28 15:45:09 | 000,022,753 | ---- | M] () -- C:\Users\Tracy\Desktop\mouseMellows01.jpg
[2014/04/28 15:44:03 | 000,008,273 | ---- | M] () -- C:\Users\Tracy\Desktop\35af35c23f9db1ca3b0f55ce05c2520e.jpg
[2014/04/27 18:15:07 | 000,043,220 | ---- | M] () -- C:\Users\Tracy\Desktop\Tracy-3.jpg
[2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/04/26 21:20:20 | 000,045,692 | ---- | M] () -- C:\Users\Tracy\Desktop\Love.jpg
[2014/04/25 17:54:03 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTracy.job
[2014/04/24 12:16:14 | 000,068,374 | ---- | M] () -- C:\Users\Tracy\Desktop\10153283_10203513808396620_7621378519211978667_n.jpg
[2014/04/24 12:15:33 | 000,122,209 | ---- | M] () -- C:\Users\Tracy\Desktop\10155327_10203513814036761_8196217567772750270_n.jpg
[2014/04/14 10:32:18 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/04/13 18:29:16 | 920,617,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/12 19:41:22 | 000,190,375 | ---- | M] () -- C:\Users\Tracy\Desktop\1395425_10200685089790155_1900174911_n.jpg
[2014/04/06 09:55:30 | 000,000,000 | -H-- | M] () -- C:\Users\Tracy\Documents\Default.rdp
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/05 08:29:02 | 000,055,981 | ---- | C] () -- C:\Users\Tracy\Desktop\10157230_10201875972721484_5841073507464964691_n.jpg
[2014/05/04 19:14:24 | 001,313,617 | ---- | C] () -- C:\Users\Tracy\Desktop\AdwCleaner (4).exe
[2014/05/01 14:43:36 | 001,619,774 | ---- | C] () -- C:\Users\Tracy\Desktop\20140430_143632.jpg
[2014/04/30 13:54:44 | 000,058,208 | ---- | C] () -- C:\Users\Tracy\Desktop\1795679_10203513826437071_1848224178186761998_n.jpg
[2014/04/30 07:02:26 | 000,000,598 | ---- | C] () -- C:\Users\Tracy\Documents\Dish Washing.m3u
[2014/04/30 07:00:24 | 000,023,805 | ---- | C] () -- C:\Users\Tracy\Documents\Music.m3u
[2014/04/30 06:54:59 | 000,000,788 | ---- | C] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/04/30 06:54:59 | 000,000,764 | ---- | C] () -- C:\Users\Tracy\Desktop\BitTorrent.lnk
[2014/04/29 11:22:22 | 000,079,016 | ---- | C] () -- C:\Users\Tracy\Desktop\1466190_667368796618776_1352042444_n.jpg
[2014/04/28 15:45:09 | 000,022,753 | ---- | C] () -- C:\Users\Tracy\Desktop\mouseMellows01.jpg
[2014/04/28 15:44:03 | 000,008,273 | ---- | C] () -- C:\Users\Tracy\Desktop\35af35c23f9db1ca3b0f55ce05c2520e.jpg
[2014/04/27 18:15:07 | 000,043,220 | ---- | C] () -- C:\Users\Tracy\Desktop\Tracy-3.jpg
[2014/04/26 21:20:20 | 000,045,692 | ---- | C] () -- C:\Users\Tracy\Desktop\Love.jpg
[2014/04/24 12:16:14 | 000,068,374 | ---- | C] () -- C:\Users\Tracy\Desktop\10153283_10203513808396620_7621378519211978667_n.jpg
[2014/04/24 12:15:33 | 000,122,209 | ---- | C] () -- C:\Users\Tracy\Desktop\10155327_10203513814036761_8196217567772750270_n.jpg
[2014/04/13 18:29:16 | 920,617,830 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/06 09:55:30 | 000,000,000 | -H-- | C] () -- C:\Users\Tracy\Documents\Default.rdp
[2013/10/15 08:42:53 | 000,000,680 | ---- | C] () -- C:\Users\Tracy\AppData\Local\d3d9caps.dat
[2013/07/28 13:34:57 | 000,893,239 | ---- | C] () -- C:\Users\Tracy\AppData\Local\a.zip
[2013/07/28 12:40:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/18 15:05:30 | 000,009,728 | ---- | C] () -- C:\Users\Tracy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/23 13:25:01 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/06/14 11:35:05 | 000,000,005 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\WBPU-TTL.DAT
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/03/11 22:21:22 | 000,000,258 | RHS- | C] () -- C:\Users\Tracy\ntuser.pol
[2012/12/23 21:42:50 | 000,114,730 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpABBEY.JPG
[2011/04/10 15:34:25 | 264,076,312 | ---- | C] () -- C:\Users\Tracy\100_0367.AVI
[2011/04/09 14:27:52 | 131,092,216 | ---- | C] () -- C:\Users\Tracy\100_0357.AVI
[2011/03/27 15:28:59 | 008,379,428 | ---- | C] () -- C:\Users\Tracy\01 Guilty As Charged (feat. Estelle).m4a
[2011/01/04 18:16:08 | 000,001,940 | ---- | C] () -- C:\Users\Tracy\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/21 22:41:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 22:01:54 | 000,036,970 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.JPG
[2010/08/25 22:01:54 | 000,034,964 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.0
[2010/07/26 10:12:18 | 000,006,548 | ---- | C] () -- C:\Users\Tracy\.recently-used.xbel
[2010/05/10 00:22:31 | 000,024,049 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.JPG
[2010/05/10 00:22:31 | 000,023,533 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.0
[2009/08/21 13:45:04 | 000,019,550 | ---- | C] () -- C:\Users\Tracy\AppData\Local\slot1.mm1
[2009/05/29 13:25:08 | 000,008,264 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2014/03/01 20:35:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\.mono
[2010/07/03 15:39:16 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
[2010/05/15 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Acoustica
[2009/08/07 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Aisle 5 Games, Inc
[2011/02/13 16:37:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Alawar
[2012/03/18 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AlawarEntertainment
[2010/07/05 08:23:24 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Artogon
[2013/08/12 13:11:39 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AstImageBack
[2013/03/14 17:28:13 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\AVG
[2011/02/20 10:43:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Awem
[2009/12/02 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Azuaz Games
[2012/12/31 23:17:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Big Top Games
[2014/05/02 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\BitTorrent
[2010/06/20 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Boomzap
[2010/02/06 08:04:47 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\casanova
[2010/09/15 14:11:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Casual Mechanics
[2014/05/04 19:22:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Catalina – Print Savings
[2011/02/18 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\cerasus.media
[2013/10/15 08:33:45 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/14 10:33:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Curious Sense
[2010/06/19 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/05/06 09:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRoseSE_RA
[2010/05/08 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\DarkParablesBriarRose_iWin
[2010/02/22 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Dekovir
[2009/12/01 20:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\E-centives
[2010/01/26 18:18:25 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\ElementalsTheMagicKey
[2010/09/30 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enki Games
[2010/08/28 18:40:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus2SE_BFG
[2010/01/22 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Enlightenus_Real
[2010/04/05 11:08:32 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\EscapeTheMuseum2
[2009/10/11 11:46:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Eyeblaster
[2009/06/21 07:06:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FloodLightGames
[2013/04/01 11:14:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Foxit Software
[2011/02/11 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Friday's games
[2013/06/26 10:26:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\FrostWire
[2009/12/21 08:42:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fuel Industries
[2010/07/13 10:03:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Fugazo
[2013/01/30 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\funkitron
[2010/04/25 19:29:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse
[2009/09/05 11:52:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHouse 3 Days Zoo Mystery
[2010/06/30 06:39:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1000
[2009/12/06 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GameHousev1001
[2013/08/10 20:41:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamelab
[2010/10/14 11:39:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gamers Digital
[2011/05/27 22:17:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gogii
[2010/01/14 11:57:56 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Gold Casual Games
[2009/07/16 17:11:34 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GOL_byHasbro
[2009/06/30 19:33:52 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\GSC 2.00
[2010/06/28 06:39:00 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\gtk-2.0
[2010/05/14 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\HdO Adventure
[2010/02/22 23:20:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\InfraRecorder
[2010/07/14 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\KranX Productions
[2010/06/21 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Lazy Turtle Games
[2009/09/15 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Leadertech
[2010/07/26 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient
[2010/03/28 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/06/11 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Ludia
[2009/11/02 09:47:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Magic Academy 2
[2009/12/08 10:12:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MastersOfMystery2
[2009/08/20 16:19:38 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Meridian93
[2010/09/25 15:16:50 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Merscom
[2010/06/22 22:38:53 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\mjusbsp
[2011/01/19 02:34:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MusicNet
[2010/07/08 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mutant Arcade
[2011/05/03 10:51:41 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mystery of Mortlake Mansion
[2009/12/25 10:37:18 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\MysteryStudio
[2009/11/15 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Mysteryville2
[2011/07/03 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\NetMedia Providers
[2010/06/24 09:02:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Oberon Media
[2013/02/19 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\OpenOffice.org
[2012/07/12 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PDAppFlex
[2011/02/10 12:18:20 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Phantasmat_bf_se1
[2009/05/26 12:10:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PictureMover
[2012/07/15 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayFirst
[2011/02/28 09:49:55 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PlayPond
[2009/11/16 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Playrix Entertainment
[2010/01/09 22:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\PoBros
[2010/01/21 16:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Princess Isabella
[2011/07/02 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Publish Providers
[2011/02/28 11:30:28 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\QB9
[2010/06/29 16:15:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Quirky Games
[2009/11/21 09:51:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Righteous Kill
[2013/08/12 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Samsung
[2010/04/11 15:26:22 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Settlement. Colossus
[2010/07/05 18:11:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SevenSails
[2010/03/30 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Silverback Productions
[2010/08/15 13:26:07 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sky Bros
[2014/05/03 03:16:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SoftGrid Client
[2013/03/18 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Sony
[2010/09/02 12:01:12 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Specialbit
[2009/08/20 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop
[2009/08/20 09:18:40 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SpinTop Games
[2012/02/06 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/09/24 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Stamps.com Internet Postage
[2013/06/11 08:19:30 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SumatraPDF
[2011/03/13 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\SynthMaker
[2011/10/18 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Temp
[2009/05/29 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Template
[2010/01/21 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TheFixerUpper
[2010/06/05 16:40:08 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Tific
[2010/02/02 13:02:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TitanicMystery
[2009/11/19 14:42:31 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TMInc
[2009/12/14 12:46:57 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Total Eclipse
[2011/05/01 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TP
[2013/03/14 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\TuneUp Software
[2011/09/27 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Unity
[2009/07/20 07:31:21 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\V-Games
[2010/06/09 19:03:33 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\VampireSaga
[2011/11/28 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Visan
[2011/07/08 08:50:58 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\Vogat Interactive
[2010/01/20 02:12:44 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WeatherBug
[2014/01/14 09:34:26 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangent
[2010/07/01 12:10:17 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WildTangentv1000
[2009/06/24 17:25:51 | 000,000,000 | ---D | M] -- C:\Users\Tracy\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

#14
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
I will wait for the other logs.
  • 0

#15
tdjones813

tdjones813

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

mbam report

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/5/2014
Scan Time: 3:30:10 PM
Logfile: maam.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.05.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Tracy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298680
Time Elapsed: 2 hr, 2 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, No Action By User, [bc447c842bd5808011bd8d957a88c63a], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, No Action By User, [8080d030cc34f20e4689a08240c27c84], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 7
PUP.Optional.WeCare.A, C:\ProgramData\ReadOnlyInstaller.msi, No Action By User, [5ca49b657b8509f7c1121b03f10fc33d], 
PUP.Optional.Ibryte, C:\Users\Tracy\Downloads\Extreme_Flash_Player_Setup.exe, No Action By User, [54acb34d50b04eb27b984bbbc33e39c7], 
PUP.Optional.Inbox, C:\Users\Tracy\Downloads\GamesSetup.exe, No Action By User, [25db16ea2ed2d927046171954bb624dc], 
PUP.Optional.Inbox, C:\Users\Tracy\Downloads\NewsSetup.exe, No Action By User, [a858817fb64ad828541148be897841bf], 
PUP.Optional.Bundle, C:\Users\Tracy\Downloads\PDFReaderSetup.exe, No Action By User, [eb1534cca25ec7396c685cc6e819b24e], 
PUP.Optional.OpenCandy, C:\Users\Tracy\Desktop\Tracy\.frostwire5\updates\frostwire-5.4.0.windows.exe, No Action By User, [b54bc43c56aa37c98094ea748480a858], 
PUP.Optional.Searchqu.A, C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, No Action By User, [986831cf05fb9d632c1f475d897acc34], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0





