Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

leary of technical support [Solved]


  • This topic is locked This topic is locked

#16
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Perfect Barry! Having OTL on your desktop will make it easier for us.

And that is the log that I need to see. It appears that the Run Scan button must have been clicked instead of the Run Fix.

Following are my next set of instructions:
  • Right click on the OTLicon.jpg icon and choose Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Click the Scan All Users checkbox,
    and
  • Check the option for All under the Extra Registry section.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the RunScanotl.jpg button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of the OTL.txt log in the reply box below, then make sure to paste the Extras.txt log in the same reply box making sure that you click to paste at the end of the first log.
  • 0

Advertisements


#17
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna ...

 

First log ... it did not declate a name:

 

All processes killed
========== COMMANDS ==========
========== OTL ==========
No active process named Monitor.exe was found!
No active process named SmartDefrag.exe was found!
No active process named IMFsrv.exe was found!
No active process named ASCService.exe was found!
Process tvnserver.exe killed successfully!
Error: No service named MsMpSvc was found to stop!
Unable to delete service\driver key MsMpSvc.
File move failed. c:\Program Files\Microsoft Security Client\MsMpEng.exe scheduled to be moved on reboot.
Service LiveUpdateSvc stopped successfully!
Service LiveUpdateSvc deleted successfully!
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe moved successfully.
Service IMFservice stopped successfully!
Service IMFservice deleted successfully!
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe moved successfully.
Service tvnserver stopped successfully!
Service tvnserver deleted successfully!
C:\Program Files (x86)\ShowMyPCService\tvnserver.exe moved successfully.
Service SmartDefragDriver stopped successfully!
Service SmartDefragDriver deleted successfully!
C:\Windows\SysNative\drivers\SmartDefragDriver.sys moved successfully.
Service gfibto stopped successfully!
Service gfibto deleted successfully!
C:\Windows\SysNative\drivers\gfibto.sys moved successfully.
Error: Unable to stop service RegFilter!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegFilter deleted successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys moved successfully.
Error: Unable to stop service UrlFilter!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UrlFilter deleted successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys moved successfully.
Service FileMonitor stopped successfully!
Service FileMonitor deleted successfully!
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys moved successfully.
Service PfFilter stopped successfully!
Service PfFilter deleted successfully!
C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin\ deleted successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll moved successfully.
C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\ux326xt3.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\ux326xt3.default\extensions\[email protected]\chrome folder moved successfully.
Folder move failed. C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\ux326xt3.default\extensions\[email protected] scheduled to be moved on reboot.
C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin\Img folder moved successfully.
C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\Plugin folder moved successfully.
C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0 folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}\ deleted successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll moved successfully.
C:\Program Files (x86)\ShowMyPCService folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\Public\Desktop\IObit Uninstaller.lnk moved successfully.
C:\Windows\Tasks\SmartDefrag.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Barry\Downloads\cmd.bat deleted successfully.
C:\Users\Barry\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Barry
->Temp folder emptied: 4101327 bytes
->Temporary Internet Files folder emptied: 7955 bytes
->Java cache emptied: 1548529 bytes
->FireFox cache emptied: 23446303 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57450 bytes
 
User: barry_2
->Temp folder emptied: 49102450 bytes
->Temporary Internet Files folder emptied: 4676 bytes
->FireFox cache emptied: 289420253 bytes
->Google Chrome cache emptied: 65050005 bytes
->Flash cache emptied: 58045 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62271 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43032 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 738 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42385709 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 453.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06022014_170753

Files\Folders moved on Reboot...
File move failed. c:\Program Files\Microsoft Security Client\MsMpEng.exe scheduled to be moved on reboot.
C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\ux326xt3.default\extensions\[email protected] folder moved successfully.
C:\Users\Barry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Barry\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

and thenagain :

 

OTL logfile created on: 6/2/2014 8:40:48 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 84.30% Memory free
15.50 Gb Paging File | 13.54 Gb Available in Paging File | 87.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.64 Gb Total Space | 841.21 Gb Free Space | 91.37% Space Free | Partition Type: NTFS
Drive D: | 10.77 Gb Total Space | 1.56 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
 
Computer Name: BARRY-PC | User Name: Barry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/30 12:56:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barry\Desktop\OTL.exe
PRC - [2014/03/10 18:17:10 | 003,448,608 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2014/02/01 15:23:34 | 002,804,472 | ---- | M] (Bayden Systems) -- C:\Program Files (x86)\SlickRun\sr.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/01/11 15:11:26 | 001,653,760 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2011/12/23 00:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2011/12/23 00:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2011/08/15 11:42:28 | 000,031,408 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/09/05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/19 17:47:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/16 16:12:45 | 006,817,544 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2014/03/25 14:22:18 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/11/10 10:54:21 | 000,288,472 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2014/05/13 15:25:46 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 08:46:06 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/12/23 00:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2011/12/23 00:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011/08/15 11:42:28 | 000,031,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/12/24 10:40:32 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/11/10 10:47:18 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2012/11/12 18:54:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/12 18:54:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/23 00:09:40 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2011/12/23 00:09:38 | 000,051,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2011/12/23 00:09:34 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2011/12/23 00:09:30 | 000,057,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/25 15:45:30 | 000,050,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2010/08/25 15:45:28 | 000,566,864 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2010/08/25 15:45:28 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010/01/14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/01/14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009/09/17 00:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 10:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV - [2012/02/07 16:46:12 | 000,023,816 | ---- | M] (CPUID) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys -- (cpuz135)
DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {52F4DFA4-78BE-470A-8BBF-8327EC8D1D52}
IE:64bit: - HKLM\..\SearchScopes\{36D7F151-C479-461E-BBDD-418A122AAACE}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{52F4DFA4-78BE-470A-8BBF-8327EC8D1D52}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36D7F151-C479-461E-BBDD-418A122AAACE}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{52F4DFA4-78BE-470A-8BBF-8327EC8D1D52}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\..\SearchScopes,DefaultScope = {52F4DFA4-78BE-470A-8BBF-8327EC8D1D52}
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\..\SearchScopes\{36D7F151-C479-461E-BBDD-418A122AAACE}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\..\SearchScopes\{52F4DFA4-78BE-470A-8BBF-8327EC8D1D52}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\..\SearchScopes\{90BB08D6-2EAF-4AE0-806A-899338983DB3}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\..\SearchScopes\{A51B430E-4E4B-4BE3-95F1-BE45D27B31E9}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc1817.mai...=avbsqpts9hk49"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.0.1: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.0.1: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/02/19 01:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry\AppData\Roaming\mozilla\Extensions
[2014/06/02 17:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\ux326xt3.default\extensions
[2013/12/22 11:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry\AppData\Roaming\mozilla\Profiles\8olvnzmy.Barry\extensions
[2013/12/22 11:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry\AppData\Roaming\mozilla\Profiles\8olvnzmy.Barry\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2014/03/30 08:42:47 | 000,123,940 | ---- | M] () (No name found) -- C:\Users\Barry\AppData\Roaming\mozilla\firefox\profiles\ux326xt3.default\extensions\[email protected]
[2014/03/30 08:42:49 | 000,002,193 | ---- | M] () -- C:\Users\Barry\AppData\Roaming\mozilla\firefox\profiles\ux326xt3.default\searchplugins\duckduckgo.xml
[2014/05/10 08:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 08:46:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: DuckDuckGo (Enabled)
CHR - default_search_provider: search_url = https://duckduckgo.c...q={searchTerms}
CHR - default_search_provider: suggest_url = https://ac.duckduckg...rms}&type=list,
CHR - homepage: http://mail.yahoo.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ads Removal = C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\
CHR - Extension: RealNetworks Downloader Extension = C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/06/02 17:10:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (PrivDog Extension) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4 - HKLM..\Run: []  File not found
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-162333149-2528324306-3431726372-1001..\Run: [SlickRun] C:\Program Files (x86)\SlickRun\sr.exe (Bayden Systems)
O4 - HKU\S-1-5-21-162333149-2528324306-3431726372-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - Reg Error: Key error. File not found
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://alternatiff.c...-ie/alttiff.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA39343D-89A7-49E4-9381-46A384AFA8D8}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/02 17:27:50 | 000,021,184 | ---- | C] (IObit) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2014/06/02 17:07:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/31 14:48:29 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/05/30 12:56:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barry\Desktop\OTL.exe
[2014/05/20 09:12:18 | 000,000,000 | -HSD | C] -- C:\Users\Barry\AppData\Local\EmieUserList
[2014/05/20 09:12:18 | 000,000,000 | -HSD | C] -- C:\Users\Barry\AppData\Local\EmieSiteList
[2014/05/18 22:16:06 | 000,000,000 | ---D | C] -- C:\Users\Barry\AppData\Roaming\ProductData
[2014/05/14 22:41:03 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/14 22:41:03 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/14 22:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 19:58:23 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 19:58:20 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 19:57:58 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 19:57:57 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 19:57:57 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 19:57:56 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 19:57:56 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 19:57:55 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 19:57:53 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 19:57:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 19:57:52 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 19:57:52 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 19:57:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 19:57:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 19:57:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 19:57:51 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 19:57:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 19:57:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 19:57:51 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 19:57:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 19:57:51 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 19:57:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 19:57:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 19:57:50 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 19:57:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 15:25:30 | 017,938,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/05/11 22:13:23 | 000,000,000 | ---D | C] -- C:\Users\Barry\Documents\Hermes, alchemy & odysseus Joseph Campbell T1 S2_data
[2014/05/10 08:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/06 19:12:21 | 000,000,000 | ---D | C] -- C:\Users\Barry\Documents\Hermes, Alchemy and Odysseus, Joseph Campbell T1 S1_data
[2010/10/13 10:04:27 | 012,433,040 | ---- | C] (JonDos GmbH) -- C:\ProgramData\JonDoFox.paf.exe
[1 C:\Users\Barry\Documents\*.tmp files -> C:\Users\Barry\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/02 20:38:30 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/02 20:37:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/02 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/06/02 17:35:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/02 17:35:14 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/02 17:27:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/02 17:27:47 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/06/02 17:27:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/02 17:27:25 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/02 17:10:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/06/02 09:04:04 | 000,004,486 | ---- | M] () -- C:\Users\Barry\Documents\cc_20140602_090320.reg
[2014/06/01 22:33:30 | 000,021,572 | ---- | M] () -- C:\Users\Barry\Documents\cc_20140601_223313.reg
[2014/06/01 22:32:00 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/31 15:16:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/30 21:09:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarry.job
[2014/05/30 12:56:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barry\Desktop\OTL.exe
[2014/05/29 17:14:53 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/05/29 13:20:37 | 000,000,600 | ---- | M] () -- C:\Users\Barry\PUTTY.RND
[2014/05/20 22:10:34 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/05/17 07:35:27 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2014/05/13 15:25:45 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/13 15:25:45 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/13 15:25:31 | 017,938,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/05/11 22:13:23 | 000,030,720 | ---- | M] () -- C:\Users\Barry\Documents\Hermes, alchemy & odysseus Joseph Campbell T1 S2.aup
[2014/05/09 01:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 01:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/06 19:12:22 | 000,032,557 | ---- | M] () -- C:\Users\Barry\Documents\Hermes, Alchemy and Odysseus, Joseph Campbell T1 S1.aup
[2014/05/05 22:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 21:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[1 C:\Users\Barry\Documents\*.tmp files -> C:\Users\Barry\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/02 09:03:23 | 000,004,486 | ---- | C] () -- C:\Users\Barry\Documents\cc_20140602_090320.reg
[2014/06/01 22:33:15 | 000,021,572 | ---- | C] () -- C:\Users\Barry\Documents\cc_20140601_223313.reg
[2014/05/29 17:14:53 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/05/29 13:20:37 | 000,000,600 | ---- | C] () -- C:\Users\Barry\PUTTY.RND
[2014/05/20 22:10:34 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/05/20 22:10:34 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/05/11 22:13:23 | 000,030,720 | ---- | C] () -- C:\Users\Barry\Documents\Hermes, alchemy & odysseus Joseph Campbell T1 S2.aup
[2014/05/06 19:12:22 | 000,032,557 | ---- | C] () -- C:\Users\Barry\Documents\Hermes, Alchemy and Odysseus, Joseph Campbell T1 S1.aup
[2013/08/28 09:18:11 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/03/05 13:46:06 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/31 17:06:44 | 000,004,096 | -H-- | C] () -- C:\Users\Barry\AppData\Local\keyfile3.drm
[2012/07/29 16:51:59 | 000,000,046 | ---- | C] () -- C:\Users\Barry\AppData\Roaming\PriceBlink.dat
[2011/12/02 15:26:18 | 000,000,635 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/14 21:55:55 | 000,003,584 | ---- | C] () -- C:\Users\Barry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/05 09:18:34 | 000,603,420 | ---- | C] () -- C:\Program Files (x86)\tfwl.db5
[2011/07/05 09:18:34 | 000,064,739 | ---- | C] () -- C:\Program Files (x86)\Statistics.xml
[2011/07/05 09:18:34 | 000,004,339 | ---- | C] () -- C:\Program Files (x86)\Blogs.htm
[2011/05/19 21:14:18 | 000,000,000 | ---- | C] () -- C:\Users\Barry\AppData\Roaming\wklnhst.dat
[2010/04/21 22:04:36 | 000,007,599 | ---- | C] () -- C:\Users\Barry\AppData\Local\Resmon.ResmonCfg
[2010/04/06 17:32:05 | 000,000,058 | ---- | C] () -- C:\Users\Barry\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

 

 

I had the Extras.txt file ut in attempting to copy and paste I lost it  ... shie?@! ... sorry
 


  • 0

#18
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna ... so how can I find again the extras file so I can give it to you?


  • 0

#19
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna ... Perhaps this is the "extras.file" requested??? I hope I am correct... Barry

 

OTL Extras logfile created on: 6/2/2014 8:40:48 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 84.30% Memory free
15.50 Gb Paging File | 13.54 Gb Available in Paging File | 87.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.64 Gb Total Space | 841.21 Gb Free Space | 91.37% Space Free | Partition Type: NTFS
Drive D: | 10.77 Gb Total Space | 1.56 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
 
Computer Name: BARRY-PC | User Name: Barry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022B121E-31E7-4F13-BBAE-9E60B4976982}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{04F910A1-928F-46C5-BD59-227D102C0D48}" = rport=139 | protocol=6 | dir=out | app=system |
"{0F9726A4-5823-4B48-B6A0-CA16FF1EBE4F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{1214C637-1807-45AE-A4D1-A93035144843}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{22AA56CE-BF0F-49BF-B120-5918FEDB111F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25A3512B-4401-4F83-B98D-31E78C001AB0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{28289BF1-43F8-4157-8300-250E330D2F9A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A1EA68E-D11C-4837-84EC-B040DAC84805}" = rport=137 | protocol=17 | dir=out | app=system |
"{2E885DB3-E059-4D8D-A159-55B21D2BE997}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{333AE81B-243D-4A4F-91EB-42B096429B4C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4109AC4C-0F1C-4E4B-8134-39371D1F0E7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{439825DF-D25E-480F-918E-AE0BB4FAF73B}" = rport=445 | protocol=6 | dir=out | app=system |
"{4CDDAFC4-4EC3-44FA-8362-062EC27DD68E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D5D15CB-A331-468E-9E9D-0DDF7355A146}" = rport=138 | protocol=17 | dir=out | app=system |
"{80CF5F92-4AC4-4186-A965-533A7E2A1BC9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84E7CAD6-91EB-43AD-A0A6-AC3C74C8A0DF}" = lport=138 | protocol=17 | dir=in | app=system |
"{8CF3C5B4-C907-4B30-8610-63CD39203246}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{926E9789-CD8D-4023-9D05-E28F13041DC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9864ACFD-F054-43CC-8C5D-E3F4AA727ABD}" = lport=445 | protocol=6 | dir=in | app=system |
"{9914E717-824A-4939-927F-E2D8BAE266AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6FD4F47-E25B-4215-A08A-980F15E9B99A}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{AA2876FB-BC8C-488C-9B61-47548421DE1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B25BF92F-DBC4-4EF2-BF4F-E288506ECA4F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B748D493-DA67-453A-BE84-FB1B2564603D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAAF11F8-5676-41B2-BA40-245F16077A84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BDAE019E-2DBA-414A-A5F0-DE814EABD2CA}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{C57D92A7-C05F-4B89-882A-4D27C68DA1B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6C6805A-BB87-4AB5-B833-19E5E5F4016F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DDFE5A94-4957-4DDC-8F34-3D0A26AB51DF}" = lport=137 | protocol=17 | dir=in | app=system |
"{E157E6A1-237E-442D-AD0C-907220DDD633}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E5D205A2-2C00-4A47-AB63-BB7CE2200244}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1A25912-948B-4013-A26B-D97884093308}" = lport=139 | protocol=6 | dir=in | app=system |
"{F9875DBB-E17A-4D68-9D15-5E397B48F98E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{FE23ECC2-0805-48E4-80FF-EF1186A01500}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05100B2C-E010-44FE-BBEF-1E12E5C2AF1D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0BCFC242-EF9A-439F-A892-E0D1FB07C75E}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{0CF01F45-9C6B-49B9-8669-0F9A0A323305}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{127540DD-1740-418B-BBAD-2C1CC4176FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{13AC4A6A-1417-4E43-99B5-780DB3CF6E04}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{14A40242-9816-46BB-AF0F-06C5CDE21630}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{156948B9-219D-48A7-B787-65FAF6498B48}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{18AF481C-ECD9-42BE-B7B4-D80854741324}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{1C93E998-4714-4EC5-A713-D466DD5EBD26}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2345E773-16F1-48F3-AEDD-39A258DAEF65}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{2B736AF6-6903-40B8-B108-DAB40CA2DC79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DC744A2-3A53-49A9-A467-D37AC08DFB3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{2EA430E1-9FED-40D8-856A-E16D5CBC2282}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{31223883-98C3-4967-9926-A455FD323DE0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38AADA1A-D66F-4DEE-B993-74E63807E1F0}" = protocol=6 | dir=out | app=system |
"{415A544E-756B-4CE6-88AE-44B742DC7E15}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{43D8F5E1-D716-4606-8814-9DF285C37A66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48797A32-8CC3-4DF4-AD9A-B7FAB2A842D7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{48A4047B-0BB4-4211-8669-E4A35808432F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D7FCBED-986B-4205-B44F-89B5D29DAA86}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{615F06A4-5107-4418-AF60-2462DF1951B3}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicatorcom.exe |
"{6445578B-11E5-4F5D-8C9E-F4B94B270969}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6582B464-C230-4CB6-A6E5-F57F0F6FAE20}" = dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe |
"{667050D1-31CD-45F4-9D40-E60F22E9B84D}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{6CD51E3E-9EC2-4013-8063-35FD96F20383}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75EB1AE7-D23A-4877-B145-966129161EAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B6D4497-2C85-4621-A3DB-55495A7B13B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{86CC7C6D-603B-4246-B213-70F644FBE7B4}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\devicesetup.exe |
"{8A12C99B-C0CF-4BB1-8879-5F02238814EA}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\sendafax.exe |
"{8A7B8721-E4BE-4F7B-934E-8B4466602CCC}" = protocol=58 | dir=out | [email protected],-28546 |
"{902D741F-C100-4DEA-B62E-A0409C1136C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92DA025C-AA81-4739-AFF8-753B714620FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9A3D6A2B-842B-41D1-85E9-7555458F65A4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A900D78-CA02-49A0-AB99-CF01CC952C32}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe |
"{AC897323-2277-48BF-8942-0496D9596F87}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{B06ED305-0E25-4648-8885-40E03B66EDF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3FF8FDD-A771-479D-812E-489126F20DF7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BB19D24F-4362-4ADB-B993-3C799E598428}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\digitalwizards.exe |
"{BBC4326C-1A4C-4A71-AD88-BDDAA742E433}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{BF63457A-B06B-4792-96CD-CF6680988E13}" = protocol=1 | dir=out | [email protected],-28544 |
"{C500986C-9801-46D1-BDC2-1B39B8FFAF2D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D0435717-820E-4E2C-B67F-9142C4EE2BB7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D047EB0E-6890-4379-8F1A-B25E377C9B90}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D48661EB-CB7C-4274-86E2-47BB3D8AF55D}" = protocol=58 | dir=in | [email protected],-28545 |
"{D655EEE3-E82F-4DA9-99DF-2EBFC0A626D8}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\faxapplications.exe |
"{E00D8526-A8CE-4B11-BD37-934322D65353}" = protocol=6 | dir=in | app=c:\users\barry\appdata\roaming\dropbox\bin\dropbox.exe |
"{E2E25F01-9AD6-43C3-AD14-2CF2D8FFFCA0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6F013E9-5534-4E87-9717-A1575A093A95}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{E903C302-01A1-42C9-A09C-14AE1F8F80CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{E9E4F764-C785-4451-8940-67CB400B8521}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{F156B892-12CA-4244-945E-43552FDF96DB}" = protocol=1 | dir=in | [email protected],-28543 |
"{F31CC9CF-5459-45C7-9264-0F5A13F2E99D}" = protocol=17 | dir=in | app=c:\users\barry\appdata\roaming\dropbox\bin\dropbox.exe |
"{F84CD45F-D33D-43C9-ABCE-92A6C3D93CCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA235478-EA41-4DF2-90A0-C2828B76473F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{FDA18FD2-4778-4EBB-B2AC-A207031DD30D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FDB5F016-4CB3-464E-9B14-024FF7A222B8}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{16B872EE-C458-41BD-BEAE-52758A3F3168}" = HP Photosmart 7520 series Product Improvement Study
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27ABA988-D480-4F44-B0FD-45E5656D2CFE}" = HP Photosmart 7520 series Basic Device Software
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.8.0
"McAfee Security Scan" = McAfee Security Scan Plus
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Speccy" = Speccy
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08295D09-E002-48F8-905D-34E4B08509BA}" = HP Photosmart 7520 series Help
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3b081f5b-e4f4-4397-9211-edba516dbb57}" = Nero 9 Lite
"{3CC31D3E-369B-4029-A83E-251BB58A144C}_is1" = Type light 3.2.009
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5646676A-5A97-4B66-BE71-1B1770AD982B}" = StreetSmart Edge
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764C2308-2296-4411-935A-0BA6C067E44B}" = RealDownloader
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{955E709F-0C73-449C-A9F6-863D3C82FDA8}" = SlimCleaner
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF307EDA-A176-4D83-9775-D337810CF7A7}" = Cookienator
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2010 Free Advanced
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}" = WeatherBug
"{DCBADAAD-6AAE-497D-BF1D-FD402BEF6A88}" = RealWorld Paint
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF02A1B9-B4FB-4873-98A4-0793AF76557F}" = PDF Form Filler 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 2.25
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{FA4AE537-3895-47A2-A1C0-14E39398FD29}" = Earth Alerts
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFE62AAA-60EC-71CF-0505-740B8E797647}" = Acrobat.com
"1190-3857-8766-9166" = TheBrain 7
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"AccelerateTab_is1" = AccelerateTab
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.7
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Astroburn Audio" = Astroburn Audio
"ATT-PRT22" = ATT-PRT22
"Audacity_is1" = Audacity 1.2.6
"Belarc Advisor" = Belarc Advisor 8.1
"ClipboardHistory" = Clipboard History
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo Dragon" = Comodo Dragon
"D36979C7-FA03-4E1D-8627-F17E825E266A_is1" = MP3 Speed 5.1.9
"Device Doctor_is1" = Device Doctor v1.1
"DiskCheckup_is1" = DiskCheckup v3.0.1006
"Driver Booster_is1" = Driver Booster
"DVDStyler_is1" = DVDStyler v1.8.2
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader_is1" = Foxit Reader
"Free&Easy Font Viewer_is1" = Free&Easy Font Viewer 2.0
"Freemake Audio Converter_is1" = Freemake Audio Converter version 1.0.0
"Freemake Video Converter_is1" = Freemake Video Converter version 2.4.0
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"Hamster Free Burning Studio_is1" = Free Burning Studio 1.0.9.9
"Handbrake" = Handbrake 0.9.4
"HD Tune_is1" = HD Tune 2.55
"HP Photo Creations" = HP Photo Creations
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"IrfanView" = IrfanView (remove only)
"LookInMyPC" = LookInMyPC
"Lunar Calendars and Eclipse Finder_is1" = Lunar Calendars and Eclipse Finder 10.19
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Maxthon3" = Maxthon Cloud Browser
"MenuUninstaller1.2.3" = MenuUninstaller
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PalTalk8.2" = PaltalkScene
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"PC Wizard 2012_is1" = PC Wizard 2012.2.0
"Photo Pos Pro" = Photo Pos Pro
"Photodex Presenter" = Photodex Presenter
"PhotoScape" = PhotoScape
"PhraseExpress_is1" = PhraseExpress v8.0.154
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Process Tamer_is1" = Process Tamer 2.11.01
"Protected Folder_is1" = Protected Folder
"Rainmeter" = Rainmeter
"Revo Uninstaller" = Revo Uninstaller 1.95
"ScreenshotCaptor_is1" = Screenshot Captor 3.00.00
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SkyORB" = SkyORB 2010
"SlickRun" = Bayden SlickRun
"Smart Defrag 3_is1" = Smart Defrag 3
"TreePadLite4" = TreePad Lite 4.3
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"TurboTax 2013" = TurboTax 2013
"Tux Paint_is1" = Tux Paint 0.9.21
"UltraDefrag" = Ultra Defragmenter
"VLC media player" = VLC media player 1.1.8
"What's Running_is1" = What's Running 2.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XMind" = XMind
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-162333149-2528324306-3431726372-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Colorblind Assistant" = Colorblind Assistant
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop
"Severe Weather Alerts" = Severe Weather Alerts
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 3038
Description =
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 7040
Description =
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 7042
Description =
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 9000
Description =
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 9002
Description =
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Windows Search Service | ID = 7010
Description =
 
[ Hewlett-Packard Events ]
Error - 5/22/2014 10:07:22 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051422090650.xml
 File not created by asset agent
 
Error - 5/22/2014 10:08:29 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051422090757.xml
 File not created by asset agent
 
Error - 5/22/2014 10:09:01 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051422090829.xml
 File not created by asset agent
 
Error - 5/23/2014 1:43:05 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051423124233.xml
 File not created by asset agent
 
Error - 5/23/2014 1:43:37 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051423124305.xml
 File not created by asset agent
 
Error - 5/23/2014 1:44:56 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051423124424.xml
 File not created by asset agent
 
Error - 5/23/2014 1:45:28 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051423124456.xml
 File not created by asset agent
 
Error - 5/29/2014 11:46:20 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051429104547.xml
 File not created by asset agent
 
Error - 5/29/2014 11:46:52 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051429104620.xml
 File not created by asset agent
 
Error - 5/29/2014 11:47:58 PM | Computer Name = Barry-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051429104726.xml
 File not created by asset agent
 
[ System Events ]
Error - 6/2/2014 5:14:39 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147218173.
 
Error - 6/2/2014 5:21:15 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 6/2/2014 6:07:53 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7034
Description = The IMF Service service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 6/2/2014 6:07:53 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7031
Description = The TightVNC Server service terminated unexpectedly.  It has done
this 1 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 6/2/2014 6:27:33 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 Antimalware Service service to connect.
 
Error - 6/2/2014 6:27:33 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
 following error:   %%1053
 
Error - 6/2/2014 6:27:49 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 6/2/2014 6:29:12 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
Error - 6/2/2014 9:37:48 PM | Computer Name = Barry-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
 Host service which failed to start because of the following error:   %%1058
 
 
< End of report >
 


  • 0

#20
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Yes! You are correct! That is the Extras.txt log that I need to see. Thank you! :)

Give me a bit of time to review the logs and prepare our next set of instructions. This may take a bit of time to prepare, so your patience will be necessary.

Donna :)
  • 0

#21
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna ... Your patience and knowledge are what are supporting me (and my wife) ... God Bless and thanks ...


  • 0

#22
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Thank you Barry. It is truly a privilege to help you. :happy:

We will be downloading more tools that will be needed to proceed with analysis in the near furture, so before we go any further, I would like to request that you change the default location for the downloads from the downloads folder to the desktop. Many of our tools must be run from the desktop and this change will eliminate you having to constantly move the downloaded files.

Please do so now. If you prefer, we can change the default location back when we are finished. If you are not quite sure how to do so, I had created a "tutorial" some time ago for someone else I had helped. The instructions can be found below:

How to change Firefox default download location to the desktop:
  • Click on Tools in the Firefox menu bar as shown below:
    FFMenubar.jpg
  • Click on Options in the dropdown box as shown below.
    FFToolsmenu.jpg
  • Click on the General tab, then click on the dial button to the left of Save files to: then click on the Browse... button as shown below.
    FFGeveraltab.jpg
  • Click on Desktop in the right column of the Choose Download Folder screen that pops up.
    FFChooseDesktop.jpg

    Desktop will then appear in the Folder: field at the bottom of the window.
  • Click on the SelectFolder.jpg button at the bottom right of the Choose Download Folder screen. (This will place Desktop in the Save files to: field in step 3 above.)
  • Back on the Options screen, click OK at the bottom.
  • All downloads should now download directly to the desktop as well as leaving a copy in the downloads folder.
I'll now prepare our next set of instructions and have them ready for you in the morning. :)
  • 0

#23
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna ... My firefox screen no longer (not sure when I lost it) has the

 

{YOR INITIAL IMAGE GOES HERE}

 

SO that I can choose "tools "

 

I do have a (open window it is called )

 

 

 

in the upper left hand corner which expands , but I cannot capture the image  of it. I used to see the bit that you reference but, somehow I accidently (I guess) dis abled it. I'll continue to search about ...  I tried to "post" this reply and received an error "you are not allowed to use the image extension on this community , so I will have to back track and delete the images in the note ,,, Barry


  • 0

#24
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna ... I got the menu bar back and will proceed with your directions ... Barry


  • 0

#25
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna ... O.K I have performed the task  and am ready for what lies ahead ... Barry


  • 0

Advertisements


#26
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Barry,

Perfect! :happy:

I hope I didn't mess anything up. I prepared this in a hurry. Need to run an errand real quick while you do tackle the tasks below.

Ok, let's proceed. :thumbsup:

Before I have you remove more files, I am going to have you remove some programs that are not needed, or were installed along with other software that had been downloaded.

I arranged the programs to be in alphabetical order. That is the way they are aligned in the Programs and Features list, so all you have to do is left click and choose Uninstall or Remove as you go down the list. Please note: Some of the programs may not be found. If not, move on to the next one. :)

Please do the following:
  • Click on the Start VISTAORB.jpg
  • Click on Control Panel found in the right side column of the Start Menu.
  • Click on Programs and Features
  • IObit Malware Fighter
    IObit Uninstaller
    Java 6 Update 22
    LookInMyPC
    McAfee Security Scan Plus
    PC-Doctor for Window
    Smart Defrag 3
    Surfing Protection
    Ultra Defragmenter

    Next:
When you are finished with uninstalling the programs above, please do the following:
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.[
  • Copy everything in blue found in the quote box below, then paste into the Custom Scans/Fixes box at the bottom of the OTL window:

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    PRC - [2014/03/10 18:17:10 | 003,448,608 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
    PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
    MOD - [2012/09/05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
    SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
    DRV:64bit: - [2013/12/24 10:40:32 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/01/14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
    DRV:64bit: - [2010/01/14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
    DRV:64bit: - [2010/01/14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
    DRV:64bit: - [2009/09/17 00:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-162333149-2528324306-3431726372-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
    O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    :Commands
    [emptytemp]

  • Make sure all other windows are closed.
  • Click the RunFix.jpg button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • How to find the Fix log.
    • Click on your StartVISTAORB.jpg
    • Click on Computer in the right side panel.
    • Click on Local Disk C:
    • Click on _OTL folder.
    • Click on MovedFiles folder.
    • Look for the file with todays date with the time the Fix was ran.]
    How to post the log in your topic:
    • Come to your topic here at Geeks to Go.
    • Scroll all the way down to the bottom of the page and you will see a box that looks like this:
      replybox.jpg
    • Right click inside the box an choose paste.
    • If paste does not work, click on the little light switch in the upper left hand corner of the menu bar above.
      lightswitch.jpg
    • Try to paste again.
    • Now that you have pasted the scan log into the box, scroll down and click on the Post button under the reply box.
    Once you have the scan log pasted into the box, you can type anything you want to say above or below what you pasted into the reply box, being careful not to type in the middle of what you just pasted.

    You can also click on the More Reply Options button to review the post you just created to make sure it looks right, then you will have to click on the Add Reply to submit the post.

    If you have any trouble, I'll be back soon. I feel bad that I have to leave you for a time, but I have the utmost confidence that you will do a fine job. :yes:

    Back soon!

  • 0

#27
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna …

I uninstalled the requested programs.

 

I could not find a “PC-Doctor” to uninstall but there are two PC-Wizard  “programs” published by CPUID. I did nothing to them. There is a protected folder published by IOBit, and I did nothing to that also.

 

"Moved Files" FIX FILE.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named SmartDefrag.exe was found!
Process TFService.exe killed successfully!
Error: No service named MsMpSvc was found to stop!
Unable to delete service\driver key MsMpSvc.
File move failed. c:\Program Files\Microsoft Security Client\MsMpEng.exe scheduled to be moved on reboot.
Error: No service named McComponentHostService was found to stop!
Service\Driver key McComponentHostService not found.
File C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe not found.
Error: No service named SmartDefragDriver was found to stop!
Service\Driver key SmartDefragDriver not found.
File C:\Windows\SysNative\drivers\SmartDefragDriver.sys not found.
Error: Unable to stop service TfSysMon!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TfSysMon deleted successfully.
C:\Windows\SysNative\drivers\TfSysMon.sys moved successfully.
Error: Unable to stop service TfNetMon!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TfNetMon deleted successfully.
C:\Windows\SysNative\drivers\TfNetMon.sys moved successfully.
Error: Unable to stop service TfFsMon!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TfFsMon deleted successfully.
C:\Windows\SysNative\drivers\TfFsMon.sys moved successfully.
Service PCDSRVC{F36B3A4C-F95654BD-06000000}_0 stopped successfully!
Service PCDSRVC{F36B3A4C-F95654BD-06000000}_0 deleted successfully!
c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin\ not found.
File C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ not found.
File C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-162333149-2528324306-3431726372-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Barry
->Temp folder emptied: 9758971 bytes
->Temporary Internet Files folder emptied: 70890 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57698560 bytes
->Google Chrome cache emptied: 6296443 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 936 bytes
 
User: barry_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1081562 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 71.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06032014_133028

Files\Folders moved on Reboot...
File move failed. c:\Program Files\Microsoft Security Client\MsMpEng.exe scheduled to be moved on reboot.
C:\Users\Barry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Barry\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#28
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna ... I see that my computer has a TCP connection with a.tribalfusion.com.  This is something I do not ever recall seeing on my computer.  Is it something we might have3 done?The results of an internet search on it leaves me a bit nervous ... till later ... Barry


  • 0

#29
barry1gingrich

barry1gingrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Donna ... and now the TCP connection is gone ... Barry


  • 0

#30
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi Barry,

Sorry for the delay. I have looked back through all the logs in the previous posts and see no indication of where this a.tribalfusion.com might have come from or where it might still be lurking in the shadows. I even had a friend take a look to ensure my eyes missed something. He agreed. Have you experienced any other episodes since yesterday concerning this invisible invader?

After quite a bit of research, I decided that I am going to have you install the new version of Malwarebytes Anti-malware. After you download version 2 from the link provided below, the new version will write over the older version. There is no need to remove the previous version. If the previous version is the Pro version (paid subscription version) you will lose your license if you remove the older version prior to reinstall.

Please download and install Malwarebytes Anti-malware version 2 from >>here<<
  • Click on Dashboard button at the top and to the right of Database Version, click the Update Now >> link.
  • After the updates complete, click on the Settings button at the top then click on Detection and Protection.
  • Under Detection Options, make sure all 3 options are checked.
  • Just below that, under Non-Malware Protection, click on the drop down arrow under PUP (Potentially Unwanted Program) detections: and choose Treat detections as malware.
  • Click on the Scan button at the top, then click on the Scan Now >> button. (There is also a Scan Now >> button on the Dashboard you can click as well.
  • If you are offered to update again, go ahead and click the Update Now >> button. Once the update is complete, the Threat Scan will begin.
  • When the scan is complete, if there have been any detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • How to find and post log:
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History button then Application Logs
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click Copy to Clipboard
    • Paste the contents of the clipboard into your reply.
    Please let me know if you have any questions or concerns.

    Donna :)

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP