This topic is locked
Hello G2G,
If you've read my prior posts, you know I'm the family go-to person for computer help. Which is sad for them since I'm only marginally knowledgeable.
Anyway, I'm now posting from my father-in-law's laptop. He seems to have picked up a virus/malware of some sort. Something called or related to "V9." It seems to have completely hi-jacked iExplorer. He needs to use Chrome just to access the web.
I ran the OTL. Here are the log files:
OTL logfile created on: 5/26/2014 5:09:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.84 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 50.42% Memory free
7.68 Gb Paging File | 5.06 Gb Available in Paging File | 65.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.99 Gb Total Space | 208.52 Gb Free Space | 74.47% Space Free | Partition Type: NTFS
Computer Name: MYLES-PC | User Name: Myles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/05/26 17:08:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
PRC - [2014/05/13 22:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/09 07:56:08 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/05/08 09:52:32 | 000,704,112 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014/04/10 23:37:28 | 000,366,032 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe
PRC - [2014/03/11 23:36:06 | 000,267,936 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/16 19:31:16 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/10/15 06:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/06/16 01:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/03/23 08:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/02/29 12:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2012/02/08 01:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/08 01:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/08 01:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 23:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2012/02/01 22:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/05 20:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
PRC - [2011/07/22 20:26:40 | 000,690,472 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 06:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1347114827\ee\aolsoftware.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/05/13 22:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/13 22:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/13 22:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014/05/13 22:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014/05/13 22:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/03/06 07:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 23:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 04:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/07 23:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/06 23:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/03 04:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/09/23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/05/14 10:34:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/08 09:52:32 | 000,704,112 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014/04/10 23:37:51 | 000,166,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/16 19:31:16 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/15 06:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/06/16 01:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/04/23 03:25:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/23 08:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 12:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/02/08 01:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/08 01:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/08 01:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/01 22:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/18 10:33:22 | 000,111,776 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway\WDAgent\DCDhcpService.exe -- (DCDhcpService)
SRV - [2012/01/05 20:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/07/22 20:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/06/01 21:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 20:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/23 11:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/10/23 12:00:56 | 000,454,168 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/07/06 01:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 01:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 03:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/28 01:48:27 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/05/22 00:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/04 04:59:06 | 000,081,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2012/04/18 01:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 00:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/27 01:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/07 12:48:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/01 05:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 22:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/19 06:30:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012/01/11 03:38:28 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/01/09 19:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/01/09 19:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012/01/09 19:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/12/06 10:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/10 08:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/04 16:21:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/11/04 16:21:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/09/02 20:36:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/08/15 21:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/14 04:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 04:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 02:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 02:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 02:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 02:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/14 00:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 00:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 00:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 23:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 23:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 19:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 19:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 19:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 19:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 22:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 22:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2006/11/29 21:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2012/11/07 08:42:31 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121106.032\ex64.sys -- (NAVEX15)
DRV - [2012/11/07 08:42:31 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121106.032\eng64.sys -- (NAVENG)
DRV - [2012/10/05 17:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121030.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/29 08:02:30 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/09/07 16:36:06 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121106.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/14 00:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34309ba38
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1033202107&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1033202107&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34309ba38
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1033202107&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=21-02-2013
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34309ba38
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1033202107&ir=
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKCU\..\SearchScopes\{3EA4F47C-E8D1-49E2-B2C3-188FB12868EB}: "URL" = http://search.zoneal...rchTerms}&r=649
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1033202107&ir=
IE - HKCU\..\SearchScopes\{84867BF2-0E0F-4A54-AE8D-19CBB54BA427}: "URL" = http://www.search.as...archTerms}&psv=
IE - HKCU\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=246&lng=en
IE - HKCU\..\SearchScopes\{C8AC339B-ECAF-4E90-B316-D12FA908B40F}: "URL" = http://slirsredirect...mrud=01-10-2013
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012/09/19 18:04:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2014/05/23 14:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
[2012/11/20 15:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: AOL (Enabled)
CHR - default_search_provider: search_url = http://search.aol.co...y={searchTerms}
CHR - default_search_provider: suggest_url = http://autocomplete....={searchTerms},
CHR - homepage: http://www.aol.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Norton Identity Safe for Google Chromeâ„¢ = C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.44_0\
CHR - Extension: Google Wallet = C:\Users\Myles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2009/06/10 20:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Shopping Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [fst_us_72] File not found
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1347114827\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [CmTray] C:\Program Files (x86)\Content Manager\launchCM.exe ()
O4 - HKCU..\Run: [EPSON WorkForce 630 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S5085.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)
O4 - HKCU..\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SDE7C.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [WorkForce 630(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_SBE65.tmp" /EF "HKCU" File not found
O4 - HKLM..\RunOnce: [Del103644193] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DelTr104224314] cmd.exe /c rd /s /q "C:\Users\Myles\AppData\Roaming\mysearchdial" File not found
O4 - HKLM..\RunOnce: [VOPackage] C:\Users\Myles\AppData\Roaming\VOPackage\VOPackage.exe ( )
O4 - HKCU..\RunOnce: [DelTr104224299] cmd.exe /c rd /s /q "C:\Users\Myles\AppData\Roaming\mysearchdial" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBE3BAF8-2822-4BAC-AA81-96108071A198}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - C:\Program Files (x86)\SupTab\SearchProtect64.dll (Skytech Co., Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) - C:\Program Files (x86)\SupTab\SearchProtect32.dll (Skytech Co., Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/26 17:08:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
[2014/05/24 19:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2014/05/24 18:59:57 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\MySearchDial
[2014/05/24 18:58:02 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\SupTab
[2014/05/24 18:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/05/24 18:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014/05/24 18:55:57 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\VOPackage
[2014/05/24 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\Activeris
[2014/05/24 18:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/05/24 18:55:03 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\globalUpdate
[2014/05/24 18:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPP
[2014/05/24 18:54:43 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\WeatherAlerts
[2014/05/24 13:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/05/23 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\Myles\Documents\Optimizer Pro
[2014/05/23 21:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter bundle uninstaller
[2014/05/23 21:09:38 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\SearchProtect
[2014/05/23 21:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/05/23 21:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTechHotline
[2014/05/23 21:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
[2014/05/23 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallConverter bundle uninstaller_Installer Converter new - sync_1154524
[2014/05/21 12:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/13 09:26:52 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\ElevatedDiagnostics
[2014/05/08 07:15:09 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/04/28 16:33:40 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
[2014/04/28 16:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2014/04/28 16:25:59 | 000,000,000 | ---D | C] -- C:\Users\Myles\AppData\Local\AskPartnerNetwork
[40 C:\Users\Myles\Documents\*.tmp files -> C:\Users\Myles\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/05/26 17:17:51 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/26 17:17:51 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/26 17:15:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/26 17:08:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myles\Desktop\OTL.exe
[2014/05/26 17:02:27 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/26 17:02:26 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/26 17:02:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/24 19:13:43 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/24 19:13:26 | 000,002,250 | ---- | M] () -- C:\Users\Myles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/24 19:13:26 | 000,001,448 | ---- | M] () -- C:\Users\Myles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/24 19:10:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/05/24 19:00:11 | 000,000,434 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/24 18:53:49 | 000,000,000 | ---- | M] () -- C:\END
[2014/05/23 14:12:46 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/28 02:06:50 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/28 02:06:50 | 000,663,102 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/28 02:06:50 | 000,122,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[40 C:\Users\Myles\Documents\*.tmp files -> C:\Users\Myles\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/05/24 18:59:50 | 000,000,434 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/24 18:55:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/05/24 18:53:49 | 000,000,000 | ---- | C] () -- C:\END
[2013/12/12 17:26:18 | 000,000,068 | ---- | C] () -- C:\Windows\EWF630.ini
[2013/10/12 14:51:42 | 000,000,095 | ---- | C] () -- C:\ProgramData\SAH_Install.ini
[2013/06/04 08:09:36 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/03/08 00:48:53 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/09/09 10:48:16 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/09/09 02:28:19 | 000,776,014 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/09 02:04:29 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/09/09 02:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/09/09 02:04:29 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/09/09 02:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/09/09 02:04:29 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/09/09 02:04:29 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/09/09 02:04:29 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/09/09 02:04:29 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/09/09 02:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/09/09 02:04:29 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/09/09 02:04:29 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/09/09 02:04:29 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/09/09 02:04:29 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/09/09 02:04:29 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/09/09 02:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/09/09 02:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/09/09 02:03:34 | 000,000,089 | ---- | C] () -- C:\Windows\EPWF610.ini
[2012/09/08 13:32:16 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/05/28 02:05:23 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/05/28 02:05:22 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/05/28 02:05:19 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/05/28 02:05:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/05/28 02:05:17 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
========== ZeroAccess Check ==========
[2009/07/14 03:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 01:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 01:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 00:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 02:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 00:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/05/23 14:14:09 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\.oit
[2014/05/24 18:57:14 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Activeris
[2014/04/12 04:59:15 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Allmyapps
[2014/04/11 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\amazon
[2012/11/20 15:45:16 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\CheckPoint
[2013/09/10 11:27:01 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Epson
[2012/09/09 13:25:24 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Leader Technologies
[2012/09/09 02:24:56 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Leadertech
[2014/05/24 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\MySearchDial
[2013/03/11 00:21:40 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\OnlineVault
[2012/09/08 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\Screensaver
[2013/10/12 14:51:38 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\ShopAtHome
[2012/12/17 12:40:46 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\SNS
[2014/05/17 12:59:07 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\SoftGrid Client
[2014/05/24 18:58:02 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\SupTab
[2014/04/11 21:08:20 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\systweak
[2012/09/09 02:28:56 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\TP
[2014/05/24 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\VOPackage
[2012/12/22 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\WildTangent
[2014/04/28 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\Myles\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 5/26/2014 5:09:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Myles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.84 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 50.42% Memory free
7.68 Gb Paging File | 5.06 Gb Available in Paging File | 65.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.99 Gb Total Space | 208.52 Gb Free Space | 74.47% Space Free | Partition Type: NTFS
Computer Name: MYLES-PC | User Name: Myles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12A832F7-8E46-45AC-9492-5532F64BB775}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13F77948-3845-4A87-829E-6D69CC0C3707}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1AD06D3E-C620-4B30-9F66-F4C6B6D74177}" = lport=138 | protocol=17 | dir=in | app=system |
"{36412369-4500-4329-A21E-316C023C1418}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4123B34A-598C-4355-A606-83628A3E64CC}" = lport=139 | protocol=6 | dir=in | app=system |
"{5758300C-0014-42BA-A5AC-F50792546FEE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5F7F5AEA-93AE-47C5-B6B9-F1EF04E4F454}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{785C4A2E-1ACA-4BC4-8543-5A1308316473}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7C57CD93-BDA9-4069-ABD8-E14C1097DD9F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C696944-3F44-43EB-B258-3C8190F54088}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85375A1C-0E3D-4CBB-9888-B9FE8D5E9FC3}" = lport=137 | protocol=17 | dir=in | app=system |
"{94884821-B2E3-4489-B9FD-0660AC34AF39}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97CCF7E6-4C5B-42F8-88AE-C15B053D1416}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\gateway\wdagent\dcdhcpservice.exe |
"{A537CC7B-4BED-4EE0-BB7E-622C2D05EEDC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AA542523-F9A3-4ACF-8394-4306944A4355}" = rport=138 | protocol=17 | dir=out | app=system |
"{AB0063E0-F3E0-4829-81CE-621079B4C76F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B54F2676-F150-4CB7-A036-7DE718D4B344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BEFB1BAD-2653-4393-ABC8-FE05453F1416}" = rport=139 | protocol=6 | dir=out | app=system |
"{CB21EC03-566D-4049-B4AA-F707A8D83DB9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D059E71E-D894-4C2A-93B7-6E8056E54271}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E847F2A8-55E0-4B85-B285-67838CBEDC99}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE115168-9023-4191-803B-3FD361527DB6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F2C2B4BC-B64D-46BA-BD68-D22F94C75E6F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F5CF308B-F302-411B-9BBA-F90858E5C454}" = lport=445 | protocol=6 | dir=in | app=system |
"{F6CE78E6-70A5-484E-A89F-23BE9FFD97EA}" = rport=445 | protocol=6 | dir=out | app=system |
"{FFB1D51E-495E-41C0-BC86-432FC8C86FFE}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D03404-8E89-4610-B90B-513F371382EB}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{0726FACE-1FCC-428C-946F-8D003849E165}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe |
"{0F589D7C-798E-4FA6-9520-2461D885DEF5}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{11068513-DD35-4C52-9608-8827084B1657}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe |
"{131DB6A2-0C8F-44B9-901F-CE11D952279B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{19FA3557-1319-4133-BFB2-0044CE9B654C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{299EBD9E-0CBD-4CB8-919E-16D8E8A29BCC}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{2C1EDD36-59B2-441F-B260-1747B297760D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{34133354-313A-4118-A390-A283B199B0EB}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{358FC8EF-3612-43F1-8194-A09CE0AB9780}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{379712BC-1A78-4C76-AAB6-4A99911A6261}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3968BC67-6C84-456D-92A8-C40FAB2BB31F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{455D6EE5-85DC-4DD9-9C5E-2CC5E41FF9E2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1347114827\ee\aolsoftware.exe |
"{4ED952B6-ED9D-4BCB-ABFF-598C2CEE7B7A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{50856CAC-9134-49AE-805E-9210355F2345}" = protocol=58 | dir=out | [email protected],-28546 |
"{577529A1-707A-49CA-8A40-DF0CFED45651}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\videoplayer.exe |
"{5B9D1AD6-45F7-4F23-8376-065396F61CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{5BBE6D80-6044-4A62-A5A8-DFA641CDB62E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{656C53EA-92AE-4B80-9FB4-7A8543085E49}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{68422829-6A30-46F5-9E9C-B182A6C335D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7625975F-8C62-447E-98F1-16A9F5DB644D}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{79E240C3-A1AD-4C35-9261-5EBED2C927CD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{7CDAA5BE-6221-4B7E-9CF6-A0CED5260A94}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1347114827\ee\aolsoftware.exe |
"{82009D69-0E14-4C9A-A3F1-C91AE0F2FD9A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8499C1C6-EEFE-438E-84EA-45CAFFBD9823}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe |
"{84F9A131-B04D-45B1-B45A-6CFC77991FD6}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe |
"{8883AEE9-3430-4BC1-86E4-AF2DF5C6222B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8937AB68-B89F-493D-818B-168421867231}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{928C7D75-596C-4C27-9394-5B5F33242D7E}" = protocol=58 | dir=in | [email protected],-28545 |
"{9358C63D-9860-4C96-8E52-286CE922EDEE}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe |
"{9B618701-B8B0-4FD1-8357-DF9FFC6A4148}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{A64D6FFB-7990-4C03-B748-DAA74225E9AE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{A658CAD8-A6CF-4F00-8E26-DD9139640253}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B015C630-1B93-49D5-9E3E-8922494126AB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{B0527B6B-D935-4FC6-984C-ADFC4A9BC1D5}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{B25C8C86-DD88-4B52-A2DD-10C69728C955}" = protocol=6 | dir=out | app=system |
"{B72800C3-7706-4DC2-B487-3FEFCC7790B2}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{BD3D0EFA-6762-4B23-BA07-68605E191668}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\movie\playmovie.exe |
"{BEB7C51E-0738-43D1-916F-BE8DC19F6C7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C959CAAB-FE65-4F4B-85BB-F9C2F3E5C391}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe |
"{C993F331-2241-45C6-B27C-415898E9F770}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{CA7AE26F-7E46-40CA-A31C-1B82AAF02305}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB100202-B4E0-45B3-A825-36153484F29A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF9325CD-79AC-4313-A3D7-5ECA2166A0D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0DDCEC3-5687-4657-9F45-83C95CC5DE6B}" = protocol=1 | dir=out | [email protected],-28544 |
"{D5CA5BDF-12E2-401E-9026-0E386240D99A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{D8A560E9-1A77-4C5B-A4A0-A5796CA67713}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D9FCA03E-F275-49F6-8202-30317007C6A7}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe |
"{E4865011-2E5A-4CEB-A3DA-4136D78D324D}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe |
"{E544018C-C4EA-453F-9FCD-76D62F4EDB7B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{E84C50A4-B046-42E3-94BF-50E0AD4E0534}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{E8611ABF-4017-4D9C-848D-B23552AB3151}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{EDDF3302-ACFA-414C-8984-105F8F2F516D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF797A8A-6FC1-4331-A063-79FA37F51B9D}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk20\mvp\musicplayer.exe |
"{F01E1EF9-81E1-4136-B4B1-7A664D4D747B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F35A0D1C-F6AA-48F3-9489-213D4A8F2705}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{F5625EAA-376C-47B5-84A9-FEAB47F055B6}" = protocol=1 | dir=in | [email protected],-28543 |
"{F6CA6CF6-AC4D-4386-A4CE-1D98B135B63F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"EPSON WorkForce 630 Series" = EPSON WorkForce 630 Series Printer Uninstall
"McAfee Security Scan" = McAfee Security Scan Plus
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39E72FE7-C0B5-45AE-B259-8F5DEEA595C9}" = ZoneAlarm Firewall
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{413A683A-88AA-4270-9270-69DF005DE472}" = ZoneAlarm Security
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.3
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F524A00-6A76-A76A-76A7-A758B70C0A06}" = Ask Shopping Toolbar
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53228309-6B6C-4777-BBAF-C1FFDCED34CD}" = ZoneAlarm Antivirus
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C1C996E-9CC9-ACD8-B688-03FEED4E4767}" = Fooz Kids
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" = clear.fi SDK - MVP 2
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = Content Manager
"{BC66FD90-7BF4-4026-8119-04161D02A2F3}" = ArcSoft Print Creations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" = clear.fi SDK- Movie 2
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"BN_DesktopReader" = NOOK for PC
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FoozKids" = Fooz Kids
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallConverter bundle uninstaller" = InstallConverter bundle uninstaller
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Gateway MyBackup
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SearchProtect" = Search Protect
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Toolbar" = AOL Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/11/2014 3:28:52 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=6C:usr=Myles}
The
Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7113.5007.sft'
(rc 16001E0A-000001D1, original rc 16001E0A-000001D1).
Error - 4/11/2014 3:28:52 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=12:app=Microsoft Word Starter 2010 9014006604090000:tid=6C:usr=Myles}
The
client was unable to connect to an Application Virtualization Server (rc 16001E0A-000001D1)
Error - 4/11/2014 3:31:12 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=13:app=Microsoft Word Starter 2010 9014006604090000:tid=A80:usr=Myles}
The
Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7113.5007.sft'
(rc 16001E0A-000001D1, original rc 16001E0A-000001D1).
Error - 4/11/2014 3:31:12 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=13:app=Microsoft Word Starter 2010 9014006604090000:tid=A80:usr=Myles}
The
client was unable to connect to an Application Virtualization Server (rc 16001E0A-000001D1)
Error - 4/11/2014 3:34:27 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=16D8:usr=Myles}
The
Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7113.5007.sft'
(rc 16001E0A-000001D1, original rc 16001E0A-000001D1).
Error - 4/11/2014 3:34:27 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=14:app=Microsoft Word Starter 2010 9014006604090000:tid=16D8:usr=Myles}
The
client was unable to connect to an Application Virtualization Server (rc 16001E0A-000001D1)
Error - 4/11/2014 3:39:42 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=15:app=Microsoft Word Starter 2010 9014006604090000:tid=1450:usr=Myles}
The
Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7113.5007.sft'
(rc 16001E0A-000001D1, original rc 16001E0A-000001D1).
Error - 4/11/2014 3:39:42 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=15:app=Microsoft Word Starter 2010 9014006604090000:tid=1450:usr=Myles}
The
client was unable to connect to an Application Virtualization Server (rc 16001E0A-000001D1)
Error - 4/11/2014 5:23:45 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=16:app=Microsoft Word Starter 2010 9014006604090000:tid=150C:usr=Myles}
The
Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7113.5007.sft'
(rc 16001E0A-000001D1, original rc 16001E0A-000001D1).
Error - 4/11/2014 5:23:45 PM | Computer Name = Myles-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=16:app=Microsoft Word Starter 2010 9014006604090000:tid=150C:usr=Myles}
The
client was unable to connect to an Application Virtualization Server (rc 16001E0A-000001D1)
[ System Events ]
Error - 5/19/2014 4:58:58 PM | Computer Name = Myles-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:56:46 PM on ?5/?19/?2014 was unexpected.
Error - 5/20/2014 7:53:52 AM | Computer Name = Myles-PC | Source = DCOM | ID = 10010
Description =
Error - 5/20/2014 1:20:02 PM | Computer Name = Myles-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.3
with the system having network hardware address 00-26-AB-58-3B-55. Network operations
on this system may be disrupted as a result.
Error - 5/20/2014 1:29:26 PM | Computer Name = Myles-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:26:34 PM on ?5/?20/?2014 was unexpected.
Error - 5/22/2014 6:10:24 AM | Computer Name = Myles-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{EBE3BAF8-2822-4BAC-AA81-96108071A198}
because another computer on the network has the same name. The server could not
start.
Error - 5/22/2014 10:09:50 AM | Computer Name = Myles-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{EBE3BAF8-2822-4BAC-AA81-96108071A198}
because another computer on the network has the same name. The server could not
start.
Error - 5/22/2014 2:15:25 PM | Computer Name = Myles-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.3
with the system having network hardware address 00-26-AB-58-3B-55. Network operations
on this system may be disrupted as a result.
Error - 5/22/2014 6:26:16 PM | Computer Name = Myles-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:21:12 PM on ?5/?22/?2014 was unexpected.
Error - 5/24/2014 3:58:04 PM | Computer Name = Myles-PC | Source = Service Control Manager | ID = 7034
Description = The Search Protect Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 5/25/2014 3:12:05 PM | Computer Name = Myles-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.3
with the system having network hardware address 00-26-AB-58-3B-55. Network operations
on this system may be disrupted as a result.
< End of report >
Sign In
Create Account
