Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan [Solved]

Started by zerokreap , Jun 24 2014 04:49 PM

  • This topic is locked This topic is locked

#1
zerokreap
Posted 24 June 2014 - 04:49 PM

zerokreap

    Member

  • Member
  • PipPip
  • 20 posts

I believe a trojan has changed my registry. My main admin account is now not recognized as an admin and I cannot remove certain malware entries identified by my malware detection software. 

 

I did consult this post, which gave me an idea what I am dealing with, but am hoping someone more knowledgeable than myself can lend me a hand:

 

http://www.geekstogo...ts#entry2386815

 

Thanks


  • 0

Advertisements

#2
Essexboy
Posted 25 June 2014 - 09:20 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there first I will to have a look at the system

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    OTL_Main_Tutorial.gif
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs
THEN

Download aswMBR.exe ( 4.9mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan
If Avast is not your AV it will ask to download virus definitions, allow this

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
zerokreap
Posted 25 June 2014 - 04:56 PM

zerokreap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Thanks so much for responding. I will get on this right away and post results ASAP!


  • 0

#4
zerokreap
Posted 25 June 2014 - 09:57 PM

zerokreap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Sorry it took so long, aswMBR kept crashing on me when it got to the same folder (an old work profile). I deleted the folder and the scan completed.

Here is the output from everything:

OTL logfile created on: 6/25/2014 5:58:47 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.96 Gb Total Physical Memory | 5.85 Gb Available Physical Memory | 58.72% Memory free
19.92 Gb Paging File | 15.78 Gb Available in Paging File | 79.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 416.11 Gb Free Space | 45.15% Space Free | Partition Type: NTFS

Computer Name: HAL_REBORN | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/25 17:54:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Downloads\OTL (3).exe
PRC - [2014/06/12 06:48:35 | 001,267,536 | ---- | M] (BitTorrent Inc.) -- C:\Users\*****\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/06/05 17:46:42 | 024,474,752 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/06/04 17:18:02 | 003,162,944 | ---- | M] () -- C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2014/05/15 16:38:02 | 007,631,872 | ---- | M] (Google Inc.) -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/11 23:36:50 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2010/11/03 20:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2010/01/27 16:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

========== Modules (No Company Name) ==========

MOD - [2014/06/25 17:53:15 | 000,027,136 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\_multiprocessing.pyd
MOD - [2014/06/25 17:53:15 | 000,007,168 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\hashobjs_ext.pyd
MOD - [2014/06/25 17:53:14 | 001,175,040 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\wx._core_.pyd
MOD - [2014/06/25 17:53:14 | 001,160,704 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\_ssl.pyd
MOD - [2014/06/25 17:53:14 | 001,062,400 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\wx._controls_.pyd
MOD - [2014/06/25 17:53:14 | 000,811,008 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\wx._windows_.pyd
MOD - [2014/06/25 17:53:14 | 000,805,888 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\wx._gdi_.pyd
MOD - [2014/06/25 17:53:14 | 000,735,232 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\wx._misc_.pyd
MOD - [2014/06/25 17:53:14 | 000,713,216 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\_hashlib.pyd
MOD - [2014/06/25 17:53:14 | 000,686,080 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\unicodedata.pyd
MOD - [2014/06/25 17:53:14 | 000,557,056 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\pysqlite2._sqlite.pyd
MOD - [2014/06/25 17:53:14 | 000,525,640 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\windows._lib_cacheinvalidation.pyd
MOD - [2014/06/25 17:53:14 | 000,364,544 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\pythoncom27.dll
MOD - [2014/06/25 17:53:14 | 000,320,512 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32com.shell.shell.pyd
MOD - [2014/06/25 17:53:14 | 000,167,936 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32gui.pyd
MOD - [2014/06/25 17:53:14 | 000,128,512 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\_elementtree.pyd
MOD - [2014/06/25 17:53:14 | 000,127,488 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\pyexpat.pyd
MOD - [2014/06/25 17:53:14 | 000,122,368 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\wx._wizard.pyd
MOD - [2014/06/25 17:53:14 | 000,119,808 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32file.pyd
MOD - [2014/06/25 17:53:14 | 000,110,080 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\pywintypes27.dll
MOD - [2014/06/25 17:53:14 | 000,108,544 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32security.pyd
MOD - [2014/06/25 17:53:14 | 000,098,816 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32api.pyd
MOD - [2014/06/25 17:53:14 | 000,087,552 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\_ctypes.pyd
MOD - [2014/06/25 17:53:14 | 000,078,336 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\wx._animate.pyd
MOD - [2014/06/25 17:53:14 | 000,070,656 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\wx._html2.pyd
MOD - [2014/06/25 17:53:14 | 000,045,568 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\_socket.pyd
MOD - [2014/06/25 17:53:14 | 000,038,912 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32inet.pyd
MOD - [2014/06/25 17:53:14 | 000,035,840 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32process.pyd
MOD - [2014/06/25 17:53:14 | 000,025,600 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32pdh.pyd
MOD - [2014/06/25 17:53:14 | 000,024,064 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32pipe.pyd
MOD - [2014/06/25 17:53:14 | 000,022,528 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32ts.pyd
MOD - [2014/06/25 17:53:14 | 000,018,432 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32event.pyd
MOD - [2014/06/25 17:53:14 | 000,017,408 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32profile.pyd
MOD - [2014/06/25 17:53:14 | 000,011,264 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\win32crypt.pyd
MOD - [2014/06/25 17:53:14 | 000,010,240 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI29522\select.pyd
MOD - [2014/06/04 17:18:02 | 003,162,944 | ---- | M] () -- C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2014/05/15 16:24:36 | 000,344,064 | ---- | M] () -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/05/15 16:21:24 | 000,253,440 | ---- | M] () -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/05/15 16:20:58 | 000,231,936 | ---- | M] () -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/05/15 16:20:54 | 000,117,248 | ---- | M] () -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/12/10 16:06:52 | 000,026,624 | ---- | M] () -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 16:06:42 | 010,683,392 | ---- | M] () -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 16:06:40 | 001,681,408 | ---- | M] () -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 16:06:38 | 007,741,952 | ---- | M] () -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 16:06:36 | 002,248,192 | ---- | M] () -- C:\Users\*****\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/17 21:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/06/22 19:34:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/14 10:41:07 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/03 20:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/01 18:34:58 | 000,097,104 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/17 21:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 20:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 07:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/11/07 22:32:12 | 000,396,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DA3FF58C-1C55-4F9B-982D-158DFE3A8DEF}
IE:64bit: - HKLM\..\SearchScopes\{DA3FF58C-1C55-4F9B-982D-158DFE3A8DEF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {50E09F18-32C0-4E3E-A2B9-0797029C0D46}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://isearch.claro...000842b2b98e7bc
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\URLSearchHook: {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\SearchScopes,DefaultScope = {50E09F18-32C0-4E3E-A2B9-0797029C0D46}
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\SearchScopes\{50E09F18-32C0-4E3E-A2B9-0797029C0D46}: "URL" = http://search.condui...6511392223&UM=2
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.15.770
FF - prefs.js..extensions.enabledAddons: %7BBB080420-8088-F650-3D47-13799CCD6159%7D:1.41
FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:4.0.21.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "173.234.85.255"
FF - prefs.js..network.proxy.http_port: 27281
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/06/08 18:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/22 19:34:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/22 19:34:37 | 000,000,000 | ---D | M]

[2012/08/17 00:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2014/06/21 16:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\x0kmyaw7.default\extensions
[2013/10/19 22:23:48 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\x0kmyaw7.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/04/28 19:38:31 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\x0kmyaw7.default\extensions\[email protected]
[2014/06/21 16:07:43 | 005,564,319 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\x0kmyaw7.default\extensions\[email protected]
[2012/12/16 10:31:29 | 000,077,093 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\x0kmyaw7.default\extensions\{BB080420-8088-F650-3D47-13799CCD6159}.xpi
[2013/10/27 20:56:54 | 000,003,746 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\x0kmyaw7.default\searchplugins\safeguard-secure-search.xml
[2014/06/22 19:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/22 19:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/06/22 19:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/22 19:34:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Chromebleed = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic\2.0_0\
CHR - Extension: Zotero Connector = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc\4.0.8.2_0\
CHR - Extension: Click&Clean = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: Disconnect = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.18.14_0\
CHR - Extension: SlingPlayer Web Plug-in = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.63_0\
CHR - Extension: Google Wallet = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Click&Clean App = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.6_0\
CHR - Extension: Vid-Saver = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_78\crossrider
CHR - Extension: Vid-Saver = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_78\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (KeyBar 2.5 Toolbar) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (KeyBar 2.5 Toolbar) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\Toolbar\WebBrowser: (KeyBar 2.5 Toolbar) - {92ED4BBD-83F2-4C70-BB4E-F8D3716143FE} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [Amazon Music] C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [BackgroundContainer] C:\Users\*****\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [MusicManager] C:\Users\*****\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [Spotify] C:\Users\*****\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [Spotify Web Helper] C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...s-i586.cab(JavaPlug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...s-i586.cab(JavaPlug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...s-i586.cab(JavaPlug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...h.cab(ShockwaveFlash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C2B6FC-9DF0-4817-BC10-325E42D099AB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{48b8a3fa-de82-11e1-a290-842b2b98e7bc}\Shell - "" = AutoRun
O33 - MountPoints2\{48b8a3fa-de82-11e1-a290-842b2b98e7bc}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/06/24 20:08:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
[2014/06/24 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Amazon Music
[2014/06/24 19:26:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{16DB033D-E8EB-489A-990C-4671F087EE33}
[2014/06/22 19:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/20 22:11:54 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{8A343506-D9EE-400B-BDFB-455C2C0E98A4}
[2014/06/17 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A30FF694-A4A0-485E-A5C2-5A2C9DEADBF8}
[2014/06/12 18:32:57 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{5662D425-D95C-408B-9624-BEDF6A9E42EF}
[2014/06/11 10:51:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A15AB90D-A220-4923-B3D9-CE5600045149}
[2014/06/11 07:10:49 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/11 07:10:48 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/11 07:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/11 07:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/11 07:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/11 07:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/11 07:10:45 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/11 07:10:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/11 07:10:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/11 07:10:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/11 07:10:44 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/11 07:10:44 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/11 07:10:43 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/11 07:10:43 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/11 07:10:43 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/11 07:10:43 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/11 07:10:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/11 07:10:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/11 07:10:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/11 07:10:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/11 07:10:42 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/11 07:10:42 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/11 07:10:42 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/11 07:10:41 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/11 07:10:41 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/11 07:10:41 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/11 07:10:41 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/11 07:10:41 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/11 07:10:41 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/11 07:10:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/11 07:10:40 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/11 07:10:40 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/11 07:10:40 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/11 07:10:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/11 07:10:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/11 07:10:39 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/11 07:10:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/11 07:10:39 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/11 07:10:39 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/27 23:12:04 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\996tt
[2006/07/04 11:11:00 | 002,123,432 | ---- | C] (ComponentOne LLC) -- C:\Program Files (x86)\Common Files\olch2x8.ocx

========== Files - Modified Within 30 Days ==========

[2014/06/25 17:53:10 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/25 17:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/25 17:40:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/25 17:22:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1503162752-1996161336-1207127860-1000UA.job
[2014/06/25 08:24:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/25 08:24:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/25 08:16:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/06/25 08:16:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/25 08:16:30 | 574,375,936 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/25 08:16:29 | 3725,942,783 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/25 04:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1503162752-1996161336-1207127860-1000Core.job
[2014/06/24 20:09:06 | 000,001,184 | ---- | M] () -- C:\Users\*****\Desktop\Amazon Music.lnk
[2014/06/22 21:06:00 | 000,002,050 | ---- | M] () -- C:\Users\*****\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/06/22 12:55:38 | 000,002,015 | ---- | M] () -- C:\Users\*****\Desktop\Canon Inkjet MX310 series - Shortcut.lnk
[2014/06/15 17:29:36 | 001,241,607 | ---- | M] () -- C:\Users\*****\Desktop\Vintage-Chart.jpg
[2014/06/11 17:38:56 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/10 11:17:40 | 000,143,627 | ---- | M] () -- C:\Users\*****\Desktop\SoundgardenTickets_FrontRow.pdf
[2014/05/30 05:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 04:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 04:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 04:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 04:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 04:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 04:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 04:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 04:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 04:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 04:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 03:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 03:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 03:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 03:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 03:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 03:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 03:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 03:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 03:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 03:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 03:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 03:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 03:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 03:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 03:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 03:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 03:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 02:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 02:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 02:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 02:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

========== Files Created - No Company Name ==========

[2014/06/24 20:09:06 | 000,001,184 | ---- | C] () -- C:\Users\*****\Desktop\Amazon Music.lnk
[2014/06/22 12:55:38 | 000,002,015 | ---- | C] () -- C:\Users\*****\Desktop\Canon Inkjet MX310 series - Shortcut.lnk
[2014/06/15 17:29:35 | 001,241,607 | ---- | C] () -- C:\Users\*****\Desktop\Vintage-Chart.jpg
[2014/06/10 11:17:38 | 000,143,627 | ---- | C] () -- C:\Users\*****\Desktop\SoundgardenTickets_FrontRow.pdf
[2014/02/26 04:03:37 | 000,776,886 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/29 14:36:04 | 000,039,896 | ---- | C] () -- C:\Windows\SysWow64\DiscHandler.exe
[2013/07/26 08:24:22 | 006,275,760 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-55.dll
[2013/07/26 08:24:22 | 001,239,216 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-55.dll
[2013/07/26 08:24:22 | 000,394,416 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2013/07/26 08:24:22 | 000,288,944 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll
[2013/07/26 08:24:22 | 000,235,184 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2013/07/26 08:24:22 | 000,190,640 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2013/07/26 08:24:22 | 000,150,192 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll
[2013/06/08 06:54:10 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2013/06/08 06:53:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/06/08 06:52:30 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2013/06/08 06:52:12 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2013/06/08 06:52:10 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2013/06/08 06:52:10 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2013/06/08 06:52:08 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2013/06/08 06:52:08 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2013/06/08 06:52:08 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2013/06/08 06:52:06 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2013/01/13 21:02:44 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/24 11:26:25 | 000,000,036 | ---- | C] () -- C:\Users\*****\TPWinAuth.ini
[2012/10/20 21:36:11 | 000,001,543 | ---- | C] () -- C:\Users\*****\.recently-used.xbel
[2012/09/29 17:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2012/09/15 12:17:31 | 000,004,608 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 01:48:11 | 000,000,263 | ---- | C] () -- C:\Users\*****\.net.cbsolution.ps.srvcr.preferences.properties
[2011/08/31 20:47:56 | 000,007,612 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011/07/17 21:02:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/15 23:41:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/03/10 04:24:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/03/10 04:24:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2012/02/19 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\e-academy Inc
[2011/01/21 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Eclipse
[2012/10/20 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2012/02/17 22:29:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2013/10/27 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenCandy
[2012/10/24 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sensitivity
[2010/10/16 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sling Media
[2014/06/25 17:53:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Spotify
[2012/08/12 20:52:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SPSSInc
[2010/10/13 18:52:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Trusteer
[2014/06/25 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2012/08/16 22:07:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Xilisoft
[2013/07/27 11:19:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zotero
[2012/05/23 18:40:59 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Amazon
[2011/01/18 16:24:59 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\gtk-2.0
[2010/12/13 13:50:28 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Trusteer
[2011/03/10 04:24:03 | 000,000,000 | ---D | M] -- C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Trusteer

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 08:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 08:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 08:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,586 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/07 17:29:46 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1503162752-1996161336-1207127860-1000Core.job
[2011/07/07 17:29:48 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1503162752-1996161336-1207127860-1000UA.job
[2012/04/29 21:41:05 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/09/13 19:47:48 | 000,000,912 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/13 19:47:50 | 000,000,916 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is FC39-B9F5
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\******
10/04/2010 12:44 PM <JUNCTION> Application Data [C:\Users\******\AppData\Roaming]
10/04/2010 12:44 PM <JUNCTION> Cookies [C:\Users\******\AppData\Roaming\Microsoft\Windows\Cookies]
10/04/2010 12:44 PM <JUNCTION> Local Settings [C:\Users\******\AppData\Local]
10/04/2010 12:44 PM <JUNCTION> My Documents [C:\Users\******\Documents]
10/04/2010 12:44 PM <JUNCTION> NetHood [C:\Users\******\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/04/2010 12:44 PM <JUNCTION> PrintHood [C:\Users\******\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/04/2010 12:44 PM <JUNCTION> Recent [C:\Users\******\AppData\Roaming\Microsoft\Windows\Recent]
10/04/2010 12:44 PM <JUNCTION> SendTo [C:\Users\******\AppData\Roaming\Microsoft\Windows\SendTo]
10/04/2010 12:44 PM <JUNCTION> Start Menu [C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu]
10/04/2010 12:44 PM <JUNCTION> Templates [C:\Users\******\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\******\AppData\Local
10/04/2010 12:44 PM <JUNCTION> Application Data [C:\Users\******\AppData\Local]
10/04/2010 12:44 PM <JUNCTION> History [C:\Users\******\AppData\Local\Microsoft\Windows\History]
10/04/2010 12:44 PM <JUNCTION> Temporary Internet Files [C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\******\Documents
10/04/2010 12:44 PM <JUNCTION> My Music [C:\Users\******\Music]
10/04/2010 12:44 PM <JUNCTION> My Pictures [C:\Users\******\Pictures]
10/04/2010 12:44 PM <JUNCTION> My Videos [C:\Users\******\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\*****
09/04/2010 10:59 PM <JUNCTION> Application Data [C:\Users\*****\AppData\Roaming]
09/04/2010 10:59 PM <JUNCTION> Cookies [C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies]
09/04/2010 10:59 PM <JUNCTION> Local Settings [C:\Users\*****\AppData\Local]
09/04/2010 10:59 PM <JUNCTION> My Documents [C:\Users\*****\Documents]
09/04/2010 10:59 PM <JUNCTION> NetHood [C:\Users\*****\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/04/2010 10:59 PM <JUNCTION> PrintHood [C:\Users\*****\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/04/2010 10:59 PM <JUNCTION> Recent [C:\Users\*****\AppData\Roaming\Microsoft\Windows\Recent]
09/04/2010 10:59 PM <JUNCTION> SendTo [C:\Users\*****\AppData\Roaming\Microsoft\Windows\SendTo]
09/04/2010 10:59 PM <JUNCTION> Start Menu [C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu]
09/04/2010 10:59 PM <JUNCTION> Templates [C:\Users\*****\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\*****\AppData\Local
09/04/2010 10:59 PM <JUNCTION> Application Data [C:\Users\*****\AppData\Local]
09/04/2010 10:59 PM <JUNCTION> History [C:\Users\*****\AppData\Local\Microsoft\Windows\History]
09/04/2010 10:59 PM <JUNCTION> Temporary Internet Files [C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\*****\Documents
09/04/2010 10:59 PM <JUNCTION> My Music [C:\Users\*****\Music]
09/04/2010 10:59 PM <JUNCTION> My Pictures [C:\Users\*****\Pictures]
09/04/2010 10:59 PM <JUNCTION> My Videos [C:\Users\*****\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Kim
12/13/2010 01:50 PM <JUNCTION> Application Data [C:\Users\Kim\AppData\Roaming]
12/13/2010 01:50 PM <JUNCTION> Cookies [C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Cookies]
12/13/2010 01:50 PM <JUNCTION> Local Settings [C:\Users\Kim\AppData\Local]
12/13/2010 01:50 PM <JUNCTION> My Documents [C:\Users\Kim\Documents]
12/13/2010 01:50 PM <JUNCTION> NetHood [C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/13/2010 01:50 PM <JUNCTION> PrintHood [C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/13/2010 01:50 PM <JUNCTION> Recent [C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Recent]
12/13/2010 01:50 PM <JUNCTION> SendTo [C:\Users\Kim\AppData\Roaming\Microsoft\Windows\SendTo]
12/13/2010 01:50 PM <JUNCTION> Start Menu [C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu]
12/13/2010 01:50 PM <JUNCTION> Templates [C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Kim\AppData\Local
12/13/2010 01:50 PM <JUNCTION> Application Data [C:\Users\Kim\AppData\Local]
12/13/2010 01:50 PM <JUNCTION> History [C:\Users\Kim\AppData\Local\Microsoft\Windows\History]
12/13/2010 01:50 PM <JUNCTION> Temporary Internet Files [C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Kim\AppData\LocalLow
01/11/2011 01:48 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Kim\Documents
12/13/2010 01:50 PM <JUNCTION> My Music [C:\Users\Kim\Music]
12/13/2010 01:50 PM <JUNCTION> My Pictures [C:\Users\Kim\Pictures]
12/13/2010 01:50 PM <JUNCTION> My Videos [C:\Users\Kim\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-HAL_REBORN
07/17/2011 09:03 PM <JUNCTION> Application Data [C:\Users\Mcx1-HAL_REBORN\AppData\Roaming]
07/17/2011 09:03 PM <JUNCTION> Cookies [C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Microsoft\Windows\Cookies]
07/17/2011 09:03 PM <JUNCTION> Local Settings [C:\Users\Mcx1-HAL_REBORN\AppData\Local]
07/17/2011 09:03 PM <JUNCTION> My Documents [C:\Users\Mcx1-HAL_REBORN\Documents]
07/17/2011 09:03 PM <JUNCTION> NetHood [C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/17/2011 09:03 PM <JUNCTION> PrintHood [C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/17/2011 09:03 PM <JUNCTION> Recent [C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Microsoft\Windows\Recent]
07/17/2011 09:03 PM <JUNCTION> SendTo [C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Microsoft\Windows\SendTo]
07/17/2011 09:03 PM <JUNCTION> Start Menu [C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Microsoft\Windows\Start Menu]
07/17/2011 09:03 PM <JUNCTION> Templates [C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-HAL_REBORN\AppData\Local
07/17/2011 09:03 PM <JUNCTION> Application Data [C:\Users\Mcx1-HAL_REBORN\AppData\Local]
07/17/2011 09:03 PM <JUNCTION> History [C:\Users\Mcx1-HAL_REBORN\AppData\Local\Microsoft\Windows\History]
07/17/2011 09:03 PM <JUNCTION> Temporary Internet Files [C:\Users\Mcx1-HAL_REBORN\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-HAL_REBORN\Documents
07/17/2011 09:03 PM <JUNCTION> My Music [C:\Users\Mcx1-HAL_REBORN\Music]
07/17/2011 09:03 PM <JUNCTION> My Pictures [C:\Users\Mcx1-HAL_REBORN\Pictures]
07/17/2011 09:03 PM <JUNCTION> My Videos [C:\Users\Mcx1-HAL_REBORN\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
99 Dir(s) 446,680,748,032 bytes free

< MD5 for: RPCSS.DLL >
[2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< End of report >

OTL Extras logfile created on: 7/1/2013 9:41:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.96 Gb Total Physical Memory | 8.41 Gb Available Physical Memory | 84.39% Memory free
19.92 Gb Paging File | 17.81 Gb Available in Paging File | 89.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 527.29 Gb Free Space | 57.22% Space Free | Partition Type: NTFS

Computer Name: HAL_REBORN | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0004C341-A0AF-4594-95C3-DAF5AF754A22}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0633C26C-01B7-4350-843A-53D4350D17FE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1023EB4F-54F3-4EB1-B602-764C5940DFD9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1030AC71-510B-4098-A9CB-6D591916D868}" = lport=2869 | protocol=6 | dir=in | app=system |
"{118B6867-9DF3-4035-A48C-17999EE6A654}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1208D522-BCCF-4BDC-BA8F-9CDC028EFCB8}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1AE8CD4A-5C56-4BF0-AF52-B47A3FE53B30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24B20AD1-4B5C-4403-9206-6E8A1FC5A013}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{262015E4-61F1-483B-BD99-60C5865B9A03}" = lport=445 | protocol=6 | dir=in | app=system |
"{29A62DB1-0D67-40F5-8BE7-C2E32D970C74}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A9D80B8-E893-4A7E-B6D2-35F01EA4766F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F4CC9F8-100F-464A-8125-FE7B77E6800F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{300C308B-62B6-4BEC-A903-6498062AB069}" = rport=137 | protocol=17 | dir=out | app=system |
"{3301055A-8541-40C2-B5F2-F20C71394E85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{367B4F4E-F682-4A53-9632-289B279A1941}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F9932AA-55C2-4FD5-AB81-2F052D127368}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{401F8B4C-F6D8-4BAF-B517-C534CC159971}" = lport=137 | protocol=17 | dir=in | app=system |
"{45F326B9-8443-47D2-8A7A-D5B042975211}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46332967-43F5-4046-8742-C2E5172CD4DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46CF1E3A-F4E9-4B66-ACA9-C1BF61A43BA0}" = rport=139 | protocol=6 | dir=out | app=system |
"{4D020D2A-65A9-40FE-A64F-3C21D565FDBB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4F7965D4-8D95-4CC2-B773-ADEE10E36B48}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{551AFDE5-1028-421D-9021-74050F0CC7D9}" = rport=445 | protocol=6 | dir=out | app=system |
"{55B83072-B5D8-4A0F-A6B7-5D77188E6DEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AE4298D-D0BA-4FE7-A09C-60F780247A14}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62325BD2-C81D-40B3-B41B-5BBA34CC2729}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{632D663F-6F55-46B3-ADDD-747D68D13CBA}" = rport=138 | protocol=17 | dir=out | app=system |
"{6704133B-6D7F-4DAC-8A0B-61237C52E091}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6C7AF05D-3AA4-42B0-9F83-5AA380CB50E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8356FA75-274D-4673-AE20-0EDDD8830C59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A440801-429B-4566-8FB7-B8CD2FEAF418}" = lport=10244 | protocol=6 | dir=in | app=system |
"{942D084F-CB7F-4895-A701-ABF1357563FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9ECADA39-C031-4309-BABE-BE74E467E6DF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A03BB752-694B-4741-9517-F1BD5962600D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A6BB5040-C94E-49D2-95FB-E3A52F3FA477}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACDA895A-ABD3-47D5-9BDA-7C0565876BC1}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AD52347D-472F-435D-B379-3CB8890DD28F}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF9ECFA8-DF89-4575-95A8-6D4891E62FE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AFD56E23-E097-4736-AADE-B539014B32EE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8778DCA-2812-41CF-BCCE-BCC6B2B14E4B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8A2CE8A-4090-439D-A34C-115EFEA694CC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C33073D0-FFF9-4491-AFE7-30607C0BB906}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD483A1A-6143-417D-99F8-75A8E1313948}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CD4C634A-796F-46FD-BDB1-A980F5723F80}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA4B765D-3D2A-42DB-AF5E-29BB0812BEB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DA753BD5-7FFB-46F3-9F6E-D865EC385557}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA9ED74E-EDC9-46DC-A300-7EB5D07B6403}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC53CE34-D05C-4032-9901-F2244840227C}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDF6127F-D13E-4E32-931D-642876099715}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F0FAAD4A-BA04-4340-94FA-C60C12EB50E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBD9B732-083A-4A82-8FA9-E29CEF7A16E1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCAD5B8A-7C2E-4962-BAE0-80540E175F55}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C9BC95-34BB-4661-91DC-F7E8E06CDD7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{040C0DBE-442A-4487-B864-614907037BB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{061D1D2B-C81A-4170-BABA-439EAC757065}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08063EF9-A69B-4DA3-AF20-D7AE3B69E7E0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{08F1485F-8970-4054-9219-0F1E82EA3E30}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0ED8D6D9-E055-4C50-9D91-C2ECAABC6177}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{0F427B19-F684-4987-A5B7-693BF1A2DFEE}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{13B30A97-63D8-4844-A97D-26FAF008ED86}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1B61E912-BEA8-4C06-8978-2D77404F521A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{246F706C-1644-48F3-8A6C-2B903B3100D2}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{27ADF0DF-6060-4CB9-B9C9-C5B9115493B6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32716CBF-8EE3-4B73-AABF-AE8C27B8D59E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32A6FDA2-5905-49D5-9263-DDCA445DA23E}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{334DF4B7-6A4F-4A27-914D-7412A6231E57}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{38B2BDBB-9E04-4A16-9BF4-6724BE1859CF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3A320E9B-E5E2-4960-82C9-D9B721EB34AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BB5D4EA-800A-444E-BE4E-4D213B7A98BE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3CE95683-7941-4A25-B033-2D8A58BC4EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{45A4A4DC-AEE2-41D2-B13D-0058EB2AD245}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49DC71E7-60B2-4912-BC2A-234595F4625F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D2B0C50-F20F-4006-92FF-317D49E750BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{501DE032-E5FA-4377-B3F9-D799B41AB28B}" = protocol=1 | dir=out | [email protected],-28544 |
"{5142304B-8EE0-4BD9-80FA-CC1CDC5315AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51CE3F1E-9EC5-41E9-9023-D68630FC034A}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5B5474A5-ACD9-4AFB-8939-737EEF754BB5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6A6F71F7-45DB-4AB4-B469-B721DADECA40}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7447F5DC-8E4A-4638-BCBF-82EE5E019546}" = protocol=1 | dir=in | [email protected],-28543 |
"{7F0DC240-191D-43FA-A826-F02F7E9DD979}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{88347F5D-FB63-461D-865A-C11E8F2F78F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8A436088-3A5D-440A-A108-3C1225746A9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CFC3FA6-12B0-4EC7-AB12-221A2C467E39}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8E7A980D-F01B-4742-B685-8A2FC4526E84}" = protocol=58 | dir=in | [email protected],-28545 |
"{9071D0FD-01AF-4317-ACDD-AE5FC2696297}" = protocol=58 | dir=out | [email protected],-28546 |
"{9EFC7EFF-5B5E-4CF4-A294-8A6A9780C3AD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9FB20B94-F2F0-4998-9119-B4C4F4980928}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A87E9E21-726E-45F9-AD0E-AC804B3E01E5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C2539C88-76CE-41B5-9E47-64583601F15A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C750EC31-AD25-41A2-A341-95497F5604D8}" = protocol=6 | dir=out | app=system |
"{DCD2F6E0-F25D-4580-8147-F0E078D2F4E2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{DF90FE69-0774-46EC-9658-D571E30C8E4E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E8F5D72B-5242-43B8-8A07-C082AD2F1271}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EDECD03F-A305-4A19-B134-07ABCB6DAB8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E722FA-1D3C-46E8-A1E7-A310508F8498}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F2FC00A3-9064-496B-A009-92F3FCDEF964}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F3C49873-FC0B-4C28-A56A-A2D9D00C879D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F5620443-CE9D-45C5-B429-B5A36CCF761C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FBFF59B4-0F27-4DD0-A5E3-2A5F4D488F95}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FF868C68-CA1A-40B0-B495-953DB2865A72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{00908D1B-079A-45AE-B374-329C8158B521}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{406DCF11-4B67-4359-B888-E7F966E61516}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"TCP Query User{5D468CDC-3E85-48B8-805F-24E74AD70B5D}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{6C965BAC-7AF1-4B35-AEA8-F17AFF443D12}C:\program files (x86)\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\19\jre\bin\javaw.exe |
"TCP Query User{79E14442-9A63-46CD-A486-AE32D4E84409}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{80588441-12D1-4BF1-86C0-E62051318F12}C:\program files (x86)\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\19\stats.exe |
"TCP Query User{90F934E6-E811-4435-AF11-5DA8CE465333}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{A25AFECA-F3C2-4761-9789-C43EBC4E2589}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
"TCP Query User{CC4DBF2F-CBA5-48A8-B871-39F904B6058C}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{03D9466E-4318-4003-8096-AB3C18A089B4}C:\users\*****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\spotify\spotify.exe |
"UDP Query User{444EA778-D504-40D1-A5C7-7B34133EFE62}C:\program files (x86)\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\19\stats.exe |
"UDP Query User{4D3BADEB-D00E-4DC6-8649-ECBF3FCF4D64}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe |
"UDP Query User{8A099C55-412E-4312-A259-7A0F16E53C70}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{9C0946D0-0E17-4C6F-BF88-C1290CC1520F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{A0B77AFF-E2A6-4004-86BF-B3CF7B029B33}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{A27AF075-DF81-4A5F-A8DE-2EFBC54EE2A3}C:\program files (x86)\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\19\jre\bin\javaw.exe |
"UDP Query User{C50E79D0-2DC6-4EFE-B669-06DC815F083B}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{FDAD0231-8999-43E2-870D-5DB4CB1B0A9D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3EA71966-4551-1758-775B-91769B69720A}" = ccc-utility64
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.SingleImage" = Microsoft Office Professional 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E428946-8332-B93E-9C26-8ADFCEB8DDD8}" = CCC Help Spanish
"{114EA307-D8C8-C17C-4908-4A6F01EFFE1A}" = CCC Help Thai
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B37E535-AEFD-A318-5424-BDCD373D7F1C}" = Catalyst Control Center Localization All
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AE5481-1D87-5BAA-A18E-176953166A1D}" = Skins
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2AD129C1-F00C-4F99-74DC-864008611F81}" = Catalyst Control Center InstallProxy
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{350E668F-57BA-435B-90B7-520E4862DAF4}" = SamplePower 3
"{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}" = Google Talk Plugin
"{3AEB8580-42C8-E795-F770-5149255C4632}" = CCC Help Greek
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3E89148E-8827-DB7C-57E7-7C3555DDB752}" = CCC Help Dutch
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8F48C5-6FAC-9744-55C9-38BF1F0C9425}" = CCC Help Russian
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F77DCBA-7370-CBAF-EF25-6FEB29541C84}" = CCC Help Czech
"{514D3391-F031-78C7-8939-94023AC8AB74}" = CCC Help French
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{5A05DF12-909D-03A6-5983-C111BE26F2BF}" = CCC Help Portuguese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695D218A-DEF0-503B-3183-EB992A395159}" = CCC Help Norwegian
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6CEF2BC6-8929-44EE-8360-175513E1A49A}" = Secure Download Manager
"{6F665B6B-9C04-4A04-874E-E21912909A97}_is1" = Trusted Proxies Authenticator App 1.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D56726-B120-D93F-A426-279C95001F08}" = CCC Help Finnish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{818FA1BB-A0A9-F553-D9C7-125C541F3A3A}" = CCC Help Italian
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888C03E4-58E6-046B-E380-F6CB1972C398}" = CCC Help Japanese
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9060F116-D570-7033-4B42-DB0E5119DDA0}" = CCC Help Swedish
"{924AED21-D45C-3486-FE09-7DD182B35AA0}" = Catalyst Control Center Graphics Previews Common
"{929B1DC7-1201-2305-0182-6CC7655AF596}" = CCC Help English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{99F8C520-B782-6C15-DBB7-91061BA752C5}" = CCC Help Polish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7F702F8-B4AD-3EF4-5B4D-C1BB0DF9DBB6}" = CCC Help Hungarian
"{A8443959-7C6F-3ED4-7BB5-DA0E0F85B9BA}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD54E087-C6D2-3439-0993-3061CE6C10F1}" = Catalyst Control Center Graphics Previews Vista
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3C9A765-F917-6C92-A32B-607751AF4C2B}" = CCC Help Turkish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D616F4D0-6668-5E48-B8DB-5C7382410E75}" = CCC Help German
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E747B6FB-0EED-4D06-26B0-E9D44678DFC2}" = CCC Help Chinese Standard
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB6467CC-73B3-9ABE-7D9D-EA41EC4AEB92}" = CCC Help Danish
"{FC4464DB-66BB-44A7-6AF4-39857EBC393B}" = CCC Help Korean
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE951E3B-2001-C965-4D43-42CBBF914515}" = CCC Help Chinese Traditional
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Debut" = Debut Video Capture Software
"Dell Dock" = Dell Dock
"DivX Setup" = DivX Setup
"IBM SPSS Visualization Designer" = IBM SPSS Visualization Designer
"InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"JPG To PDF_is1" = JPG To PDF 2.2.1
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"Soulseek2" = SoulSeek 157 NS 13e
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MusicManager" = Music Manager
"Spotify" = Spotify
"SurveyCruncher" = SurveyCruncher

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2013 1:31:18 AM | Computer Name = Hal_reborn | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".Error
in manifest or policy file "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 6/29/2013 1:32:18 AM | Computer Name = Hal_reborn | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\IBM\SPSS\visualizationdesigner\java\jre\bin\unpack.dll".Error
in manifest or policy file "c:\program files (x86)\IBM\SPSS\visualizationdesigner\java\jre\bin\unpack.dll"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 6/29/2013 1:32:18 AM | Computer Name = Hal_reborn | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\IBM\SPSS\visualizationdesigner\java\jre\bin\unpack200.exe".Error
in manifest or policy file "c:\program files (x86)\IBM\SPSS\visualizationdesigner\java\jre\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 6/29/2013 1:32:39 AM | Computer Name = Hal_reborn | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 6/29/2013 4:48:11 PM | Computer Name = Hal_reborn | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 6/29/2013 4:48:11 PM | Computer Name = Hal_reborn | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 7/1/2013 1:14:02 AM | Computer Name = Hal_reborn | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 7/1/2013 1:14:02 AM | Computer Name = Hal_reborn | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 7/1/2013 5:55:09 PM | Computer Name = Hal_reborn | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 7/1/2013 5:55:09 PM | Computer Name = Hal_reborn | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

[ Media Center Events ]
Error - 12/28/2012 6:52:50 PM | Computer Name = Hal_reborn | Source = MCUpdate | ID = 0
Description = 4:52:49 PM - Error connecting to the internet. 4:52:49 PM - Unable
to contact server..

Error - 12/31/2012 5:35:01 PM | Computer Name = Hal_reborn | Source = MCUpdate | ID = 0
Description = 3:35:01 PM - Error connecting to the internet. 3:35:01 PM - Unable
to contact server..

Error - 12/31/2012 5:35:34 PM | Computer Name = Hal_reborn | Source = MCUpdate | ID = 0
Description = 3:35:30 PM - Error connecting to the internet. 3:35:30 PM - Unable
to contact server..

Error - 1/16/2013 7:22:48 PM | Computer Name = Hal_reborn | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 2/11/2013 5:12:25 PM | Computer Name = Hal_reborn | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 5/17/2013 5:58:03 AM | Computer Name = Hal_reborn | Source = MCUpdate | ID = 0
Description = 4:58:03 AM - Failed to retrieve SportsSchedule (Error: The request
failed with HTTP status 403: Forbidden.)

Error - 5/17/2013 6:58:18 AM | Computer Name = Hal_reborn | Source = MCUpdate | ID = 0
Description = 5:58:17 AM - Failed to retrieve SportsSchedule (Error: The request
failed with HTTP status 403: Forbidden.)

Error - 5/17/2013 7:58:33 AM | Computer Name = Hal_reborn | Source = MCUpdate | ID = 0
Description = 6:58:32 AM - Failed to retrieve SportsSchedule (Error: Invalid security
token.)

Error - 6/11/2013 4:29:49 AM | Computer Name = Hal_reborn | Source = MCUpdate | ID = 0
Description = 3:29:48 AM - Error connecting to the internet. 3:29:48 AM - Unable
to contact server..

Error - 6/14/2013 5:19:10 AM | Computer Name = Hal_reborn | Source = MCUpdate | ID = 0
Description = 4:19:09 AM - Failed to retrieve SportsSchedule (Error: The request
failed with HTTP status 403: Forbidden.)

[ System Events ]
Error - 5/20/2013 12:16:19 PM | Computer Name = Hal_reborn | Source = volsnap | ID = 393251
Description = The shadow copies of volume A: were aborted because the shadow copy
storage failed to grow.

Error - 5/28/2013 12:16:16 AM | Computer Name = Hal_reborn | Source = DCOM | ID = 10010
Description =

Error - 6/3/2013 12:48:27 PM | Computer Name = Hal_reborn | Source = volsnap | ID = 393251
Description = The shadow copies of volume A: were aborted because the shadow copy
storage failed to grow.

Error - 6/4/2013 1:23:10 AM | Computer Name = Hal_reborn | Source = DCOM | ID = 10010
Description =

Error - 6/16/2013 5:37:57 PM | Computer Name = Hal_reborn | Source = DCOM | ID = 10010
Description =

Error - 6/17/2013 3:09:38 PM | Computer Name = Hal_reborn | Source = volsnap | ID = 393251
Description = The shadow copies of volume A: were aborted because the shadow copy
storage failed to grow.

Error - 6/26/2013 4:32:30 AM | Computer Name = Hal_reborn | Source = DCOM | ID = 10010
Description =

Error - 6/27/2013 8:00:59 PM | Computer Name = Hal_reborn | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:59:01 PM on ?6/?27/?2013 was unexpected.

Error - 6/27/2013 8:01:17 PM | Computer Name = Hal_reborn | Source = BugCheck | ID = 1001
Description =

Error - 7/1/2013 6:35:28 AM | Computer Name = Hal_reborn | Source = volsnap | ID = 393251
Description = The shadow copies of volume A: were aborted because the shadow copy
storage failed to grow.

< End of report >

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-25 20:30:18
-----------------------------
20:30:18.608 OS Version: Windows x64 6.1.7601 Service Pack 1
20:30:18.608 Number of processors: 4 586 0x1E05
20:30:18.608 ComputerName: HAL_REBORN UserName:
20:30:21.323 Initialize success
20:30:21.323 VM: initialized successfully
20:30:21.338 VM: Intel CPU supported
20:30:23.487 VM: supported disk I/O ataport.SYS
20:30:42.737 AVAST engine defs: 14062500
20:30:44.329 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:44.329 Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 3
20:30:44.329 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3
20:30:44.329 Disk 1 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
20:30:44.531 Disk 0 MBR read successfully
20:30:44.531 Disk 0 MBR scan
20:30:44.547 Disk 0 Windows VISTA default MBR code
20:30:44.547 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:30:44.563 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10118 MB offset 81920
20:30:44.594 Disk 0 Boot: NTFS code=1
20:30:44.609 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 943710 MB offset 20803584
20:30:44.828 Disk 0 scanning C:\Windows\system32\drivers
20:31:09.752 Service scanning
20:31:28.160 Modules scanning
20:31:28.160 Disk 0 trace - called modules:
20:31:28.207 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:31:28.207 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009582060]
20:31:28.223 3 CLASSPNP.SYS[fffff8800186043f] -> nt!IofCallDriver -> [0xfffffa80092a8520]
20:31:28.223 5 ACPI.sys[fffff88000f687a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80092a9060]
20:31:33.480 AVAST engine scan C:\Windows
20:32:43.462 AVAST engine scan C:\Windows\system32
20:33:02.681 Disk 0 MBR has been saved successfully to "C:\Users\*****\Downloads\MBR.dat"
20:33:02.697 The log file has been saved successfully to "C:\Users\*****\Downloads\aswMBR.txt"

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-25 22:18:21
-----------------------------
22:18:21.445 OS Version: Windows x64 6.1.7601 Service Pack 1
22:18:21.445 Number of processors: 4 586 0x1E05
22:18:21.446 ComputerName: HAL_REBORN UserName:
22:18:30.009 Initialize success
22:18:30.009 VM: initialized successfully
22:18:30.091 VM: Intel CPU supported
22:18:33.503 VM: supported disk I/O ataport.SYS
22:18:53.503 AVAST engine defs: 14062500
22:18:56.950 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:18:56.950 Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 3
22:18:56.966 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3
22:18:56.966 Disk 1 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
22:18:57.216 VM: Disk 0 MBR read successfully
22:18:57.216 Disk 0 MBR scan
22:18:57.216 Disk 0 Windows VISTA default MBR code
22:18:57.278 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:18:57.325 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10118 MB offset 81920
22:18:57.356 Disk 0 Boot: NTFS code=1
22:18:57.372 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 943710 MB offset 20803584
22:18:57.621 Disk 0 scanning C:\Windows\system32\drivers
22:19:24.890 Service scanning
22:20:15.496 Modules scanning
22:20:15.496 Disk 0 trace - called modules:
22:20:15.528 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:20:15.528 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009582060]
22:20:15.543 3 CLASSPNP.SYS[fffff8800186043f] -> nt!IofCallDriver -> [0xfffffa80092a8520]
22:20:15.543 5 ACPI.sys[fffff88000f687a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80092a9060]
22:20:19.038 AVAST engine scan C:\Windows
22:20:36.947 AVAST engine scan C:\Windows\system32
22:23:42.571 AVAST engine scan C:\Windows\system32\drivers
22:23:57.064 AVAST engine scan C:\Users\*****
22:42:47.239 AVAST engine scan C:\ProgramData
22:43:59.015 Scan finished successfully
22:53:07.558 Disk 0 MBR has been saved successfully to "C:\Users\*****\Downloads\MBR.dat"
22:53:07.574 The log file has been saved successfully to "C:\Users\*****\Downloads\aswMBR.txt"


Edited by admin, 04 August 2015 - 10:43 AM.

  • 0

#5
Essexboy
Posted 26 June 2014 - 06:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK lets remove what I can see first, once completed could you let me know what problems you are experiencing

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
     
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\URLSearchHook: {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {50E09F18-32C0-4E3E-A2B9-0797029C0D46}
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\URLSearchHook: {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\SearchScopes,DefaultScope = {50E09F18-32C0-4E3E-A2B9-0797029C0D46}
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\SearchScopes\{50E09F18-32C0-4E3E-A2B9-0797029C0D46}: "URL" = http://search.condui...6511392223&UM=2
[2013/10/27 20:56:54 | 000,003,746 | ---- | M] () -- C:\Users\Kevin W\AppData\Roaming\mozilla\firefox\profiles\x0kmyaw7.default\searchplugins\safeguard-secure-search.xml
[2014/06/22 19:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
O2 - BHO: (KeyBar 2.5 Toolbar) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (KeyBar 2.5 Toolbar) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\Toolbar\WebBrowser: (KeyBar 2.5 Toolbar) - {92ED4BBD-83F2-4C70-BB4E-F8D3716143FE} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [BackgroundContainer] C:\Users\Kevin W\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
[2013/10/27 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin W\AppData\Roaming\OpenCandy

:Files
C:\Users\KEVINW~1.W\AppData\Local\Temp\_MEI29522

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#6
zerokreap
Posted 26 June 2014 - 06:21 PM

zerokreap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Okay, everything went well..no problems as far as I can tell. Here are the logs:

OTL logfile created on: 6/26/2014 8:54:33 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.96 Gb Total Physical Memory | 8.55 Gb Available Physical Memory | 85.85% Memory free
19.92 Gb Paging File | 18.46 Gb Available in Paging File | 92.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 415.26 Gb Free Space | 45.06% Space Free | Partition Type: NTFS

Computer Name: HAL_REBORN | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/25 17:54:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL (3).exe
PRC - [2014/06/05 17:46:42 | 024,474,752 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/06/04 17:18:02 | 003,162,944 | ---- | M] () -- C:\Users\****\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2014/05/15 16:38:02 | 007,631,872 | ---- | M] (Google Inc.) -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/29 14:36:02 | 000,048,200 | ---- | M] () -- C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
PRC - [2013/04/11 23:36:50 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2010/11/03 20:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2010/01/27 16:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

========== Modules (No Company Name) ==========

MOD - [2014/06/26 08:52:43 | 001,160,704 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\_ssl.pyd
MOD - [2014/06/26 08:52:43 | 001,062,400 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\wx._controls_.pyd
MOD - [2014/06/26 08:52:43 | 000,811,008 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\wx._windows_.pyd
MOD - [2014/06/26 08:52:43 | 000,805,888 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\wx._gdi_.pyd
MOD - [2014/06/26 08:52:43 | 000,713,216 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\_hashlib.pyd
MOD - [2014/06/26 08:52:43 | 000,686,080 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\unicodedata.pyd
MOD - [2014/06/26 08:52:43 | 000,525,640 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\windows._lib_cacheinvalidation.pyd
MOD - [2014/06/26 08:52:43 | 000,167,936 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32gui.pyd
MOD - [2014/06/26 08:52:43 | 000,127,488 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\pyexpat.pyd
MOD - [2014/06/26 08:52:43 | 000,119,808 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32file.pyd
MOD - [2014/06/26 08:52:43 | 000,110,080 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\pywintypes27.dll
MOD - [2014/06/26 08:52:43 | 000,108,544 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32security.pyd
MOD - [2014/06/26 08:52:43 | 000,087,552 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\_ctypes.pyd
MOD - [2014/06/26 08:52:43 | 000,070,656 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\wx._html2.pyd
MOD - [2014/06/26 08:52:43 | 000,038,912 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32inet.pyd
MOD - [2014/06/26 08:52:43 | 000,027,136 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\_multiprocessing.pyd
MOD - [2014/06/26 08:52:43 | 000,025,600 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32pdh.pyd
MOD - [2014/06/26 08:52:43 | 000,024,064 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32pipe.pyd
MOD - [2014/06/26 08:52:43 | 000,018,432 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32event.pyd
MOD - [2014/06/26 08:52:43 | 000,017,408 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32profile.pyd
MOD - [2014/06/26 08:52:43 | 000,010,240 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\select.pyd
MOD - [2014/06/26 08:52:43 | 000,007,168 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\hashobjs_ext.pyd
MOD - [2014/06/26 08:52:42 | 001,175,040 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\wx._core_.pyd
MOD - [2014/06/26 08:52:42 | 000,735,232 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\wx._misc_.pyd
MOD - [2014/06/26 08:52:42 | 000,557,056 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\pysqlite2._sqlite.pyd
MOD - [2014/06/26 08:52:42 | 000,364,544 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\pythoncom27.dll
MOD - [2014/06/26 08:52:42 | 000,320,512 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32com.shell.shell.pyd
MOD - [2014/06/26 08:52:42 | 000,128,512 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\_elementtree.pyd
MOD - [2014/06/26 08:52:42 | 000,122,368 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\wx._wizard.pyd
MOD - [2014/06/26 08:52:42 | 000,098,816 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32api.pyd
MOD - [2014/06/26 08:52:42 | 000,078,336 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\wx._animate.pyd
MOD - [2014/06/26 08:52:42 | 000,045,568 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\_socket.pyd
MOD - [2014/06/26 08:52:42 | 000,035,840 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32process.pyd
MOD - [2014/06/26 08:52:42 | 000,022,528 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32ts.pyd
MOD - [2014/06/26 08:52:42 | 000,011,264 | ---- | M] () -- C:\Users\KEVINW~1.WAL\AppData\Local\Temp\_MEI20282\win32crypt.pyd
MOD - [2014/06/04 17:18:02 | 003,162,944 | ---- | M] () -- C:\Users\****\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2014/05/15 16:24:36 | 000,344,064 | ---- | M] () -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/05/15 16:21:24 | 000,253,440 | ---- | M] () -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/05/15 16:20:58 | 000,231,936 | ---- | M] () -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/05/15 16:20:54 | 000,117,248 | ---- | M] () -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/12/10 16:06:52 | 000,026,624 | ---- | M] () -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 16:06:42 | 010,683,392 | ---- | M] () -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 16:06:40 | 001,681,408 | ---- | M] () -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 16:06:38 | 007,741,952 | ---- | M] () -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 16:06:36 | 002,248,192 | ---- | M] () -- C:\Users\****\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/08/29 14:36:02 | 000,048,200 | ---- | M] () -- C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/17 21:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/06/22 19:34:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/14 10:41:07 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/03 20:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 01:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 01:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/01 18:34:58 | 000,097,104 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/17 21:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 20:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 07:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/11/07 22:32:12 | 000,396,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DA3FF58C-1C55-4F9B-982D-158DFE3A8DEF}
IE:64bit: - HKLM\..\SearchScopes\{DA3FF58C-1C55-4F9B-982D-158DFE3A8DEF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {50E09F18-32C0-4E3E-A2B9-0797029C0D46}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://isearch.claro...000842b2b98e7bc
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\URLSearchHook: {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\SearchScopes,DefaultScope = {50E09F18-32C0-4E3E-A2B9-0797029C0D46}
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\SearchScopes\{50E09F18-32C0-4E3E-A2B9-0797029C0D46}: "URL" = http://search.condui...6511392223&UM=2
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.15.770
FF - prefs.js..extensions.enabledAddons: %7BBB080420-8088-F650-3D47-13799CCD6159%7D:1.41
FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:4.0.21.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "173.234.85.255"
FF - prefs.js..network.proxy.http_port: 27281
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/06/08 18:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/22 19:34:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/22 19:34:37 | 000,000,000 | ---D | M]

[2012/08/17 00:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2014/06/21 16:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\x0kmyaw7.default\extensions
[2013/10/19 22:23:48 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\x0kmyaw7.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/04/28 19:38:31 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\x0kmyaw7.default\extensions\[email protected]
[2014/06/21 16:07:43 | 005,564,319 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\x0kmyaw7.default\extensions\[email protected]
[2012/12/16 10:31:29 | 000,077,093 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\x0kmyaw7.default\extensions\{BB080420-8088-F650-3D47-13799CCD6159}.xpi
[2013/10/27 20:56:54 | 000,003,746 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\x0kmyaw7.default\searchplugins\safeguard-secure-search.xml
[2014/06/22 19:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/22 19:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/06/22 19:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/22 19:34:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\****\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\****\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Chromebleed = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic\2.0_0\
CHR - Extension: Zotero Connector = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc\4.0.8.2_0\
CHR - Extension: Click&Clean = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: Disconnect = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.18.14_0\
CHR - Extension: SlingPlayer Web Plug-in = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\2.4.0.63_0\
CHR - Extension: Google Wallet = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Click&Clean App = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.6_0\
CHR - Extension: Vid-Saver = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_78\crossrider
CHR - Extension: Vid-Saver = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.19.31_78\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (KeyBar 2.5 Toolbar) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (KeyBar 2.5 Toolbar) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000\..\Toolbar\WebBrowser: (KeyBar 2.5 Toolbar) - {92ED4BBD-83F2-4C70-BB4E-F8D3716143FE} - C:\Program Files (x86)\KeyBar_2.5\prxtbKeyB.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [Amazon Music] C:\Users\****\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [BackgroundContainer] C:\Users\****\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [MusicManager] C:\Users\****\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [Spotify] C:\Users\****\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1503162752-1996161336-1207127860-1000..\Run: [Spotify Web Helper] C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...s-i586.cab(JavaPlug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...s-i586.cab(JavaPlug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...s-i586.cab(JavaPlug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...h.cab(ShockwaveFlash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C2B6FC-9DF0-4817-BC10-325E42D099AB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{48b8a3fa-de82-11e1-a290-842b2b98e7bc}\Shell - "" = AutoRun
O33 - MountPoints2\{48b8a3fa-de82-11e1-a290-842b2b98e7bc}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/26 08:49:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/24 20:08:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
[2014/06/24 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Amazon Music
[2014/06/24 19:26:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{16DB033D-E8EB-489A-990C-4671F087EE33}
[2014/06/22 19:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/20 22:11:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{8A343506-D9EE-400B-BDFB-455C2C0E98A4}
[2014/06/17 20:22:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A30FF694-A4A0-485E-A5C2-5A2C9DEADBF8}
[2014/06/12 18:32:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5662D425-D95C-408B-9624-BEDF6A9E42EF}
[2014/06/11 10:51:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A15AB90D-A220-4923-B3D9-CE5600045149}
[2014/06/11 07:10:49 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/11 07:10:48 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/11 07:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/11 07:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/11 07:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/11 07:10:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/11 07:10:45 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/11 07:10:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/11 07:10:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/11 07:10:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/11 07:10:44 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/11 07:10:44 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/11 07:10:43 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/11 07:10:43 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/11 07:10:43 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/11 07:10:43 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/11 07:10:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/11 07:10:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/11 07:10:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/11 07:10:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/11 07:10:42 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/11 07:10:42 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/11 07:10:42 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/11 07:10:41 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/11 07:10:41 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/11 07:10:41 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/11 07:10:41 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/11 07:10:41 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/11 07:10:41 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/11 07:10:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/11 07:10:40 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/11 07:10:40 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/11 07:10:40 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/11 07:10:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/11 07:10:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/11 07:10:39 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/11 07:10:39 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/11 07:10:39 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/11 07:10:39 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/27 23:12:04 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\996tt
[2006/07/04 11:11:00 | 002,123,432 | ---- | C] (ComponentOne LLC) -- C:\Program Files (x86)\Common Files\olch2x8.ocx

========== Files - Modified Within 30 Days ==========

[2014/06/26 08:51:58 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/26 08:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/26 08:50:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/06/26 08:50:40 | 3725,942,783 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/26 08:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/26 08:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/26 08:22:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1503162752-1996161336-1207127860-1000UA.job
[2014/06/26 04:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1503162752-1996161336-1207127860-1000Core.job
[2014/06/25 08:24:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/25 08:24:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/25 08:16:30 | 574,375,936 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/24 20:09:06 | 000,001,184 | ---- | M] () -- C:\Users\****\Desktop\Amazon Music.lnk
[2014/06/22 21:06:00 | 000,002,050 | ---- | M] () -- C:\Users\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/06/22 12:55:38 | 000,002,015 | ---- | M] () -- C:\Users\****\Desktop\Canon Inkjet MX310 series - Shortcut.lnk
[2014/06/15 17:29:36 | 001,241,607 | ---- | M] () -- C:\Users\****\Desktop\Vintage-Chart.jpg
[2014/06/11 17:38:56 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/10 11:17:40 | 000,143,627 | ---- | M] () -- C:\Users\****\Desktop\SoundgardenTickets_FrontRow.pdf
[2014/05/30 05:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 04:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 04:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 04:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 04:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 04:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 04:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 04:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 04:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 04:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 04:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 03:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 03:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 03:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 03:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 03:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 03:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 03:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 03:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 03:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 03:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 03:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 03:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 03:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 03:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 03:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 03:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 03:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 02:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 02:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 02:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 02:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

========== Files Created - No Company Name ==========

[2014/06/24 20:09:06 | 000,001,184 | ---- | C] () -- C:\Users\****\Desktop\Amazon Music.lnk
[2014/06/22 12:55:38 | 000,002,015 | ---- | C] () -- C:\Users\****\Desktop\Canon Inkjet MX310 series - Shortcut.lnk
[2014/06/15 17:29:35 | 001,241,607 | ---- | C] () -- C:\Users\****\Desktop\Vintage-Chart.jpg
[2014/06/10 11:17:38 | 000,143,627 | ---- | C] () -- C:\Users\****\Desktop\SoundgardenTickets_FrontRow.pdf
[2014/02/26 04:03:37 | 000,776,886 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/29 14:36:04 | 000,039,896 | ---- | C] () -- C:\Windows\SysWow64\DiscHandler.exe
[2013/07/26 08:24:22 | 006,275,760 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-55.dll
[2013/07/26 08:24:22 | 001,239,216 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-55.dll
[2013/07/26 08:24:22 | 000,394,416 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2013/07/26 08:24:22 | 000,288,944 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll
[2013/07/26 08:24:22 | 000,235,184 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2013/07/26 08:24:22 | 000,190,640 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2013/07/26 08:24:22 | 000,150,192 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll
[2013/06/08 06:54:10 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2013/06/08 06:53:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/06/08 06:52:30 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2013/06/08 06:52:12 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2013/06/08 06:52:10 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2013/06/08 06:52:10 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2013/06/08 06:52:08 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2013/06/08 06:52:08 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2013/06/08 06:52:08 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2013/06/08 06:52:06 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2013/01/13 21:02:44 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/11/24 11:26:25 | 000,000,036 | ---- | C] () -- C:\Users\****\TPWinAuth.ini
[2012/10/20 21:36:11 | 000,001,543 | ---- | C] () -- C:\Users\****\.recently-used.xbel
[2012/09/29 17:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2012/09/15 12:17:31 | 000,004,608 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 01:48:11 | 000,000,263 | ---- | C] () -- C:\Users\****\.net.cbsolution.ps.srvcr.preferences.properties
[2011/08/31 20:47:56 | 000,007,612 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2011/07/17 21:02:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/15 23:41:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2011/08/19 10:26:14 | 000,001,306 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1503162752-1996161336-1207127860-1000\$RU7FMAX.11\Application Data\Mozilla\Firefox\Profiles\t66ki0su.default\zotero\storage\HZ2Z9HP4\l.png@22
[2011/10/19 14:48:34 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1503162752-1996161336-1207127860-1000\$RU7FMAX.11\Local Settings\Application Data\Microsoft\Silverlight\is\wnu1uinm.055\cbzzymbg.2vs\1\l
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/03/10 04:24:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/03/10 04:24:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2012/02/19 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\e-academy Inc
[2011/01/21 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Eclipse
[2012/10/20 21:32:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2012/02/17 22:29:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2013/10/27 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy
[2012/10/24 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sensitivity
[2010/10/16 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sling Media
[2014/06/26 08:53:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Spotify
[2012/08/12 20:52:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SPSSInc
[2010/10/13 18:52:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Trusteer
[2014/06/25 19:46:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2012/08/16 22:07:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Xilisoft
[2013/07/27 11:19:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Zotero
[2012/05/23 18:40:59 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Amazon
[2011/01/18 16:24:59 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\gtk-2.0
[2010/12/13 13:50:28 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Trusteer
[2011/03/10 04:24:03 | 000,000,000 | ---D | M] -- C:\Users\Mcx1-HAL_REBORN\AppData\Roaming\Trusteer

========== Purity Check ==========

< End of report >

# AdwCleaner v3.213 - Report created 26/06/2014 at 19:15:13
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : **** - HAL_REBORN
# Running from : C:\Users\****\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FirstRowSportApp.com
Folder Deleted : C:\Program Files (x86)\FreeHDSport.TV
Folder Deleted : C:\Program Files (x86)\KeyBar_2.5
Folder Deleted : C:\Users\****\AppData\Local\Conduit
Folder Deleted : C:\Users\****\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\****\AppData\Local\Vid-Saver
Folder Deleted : C:\Users\****\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\****\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\****\AppData\LocalLow\KeyBar_2.5
Folder Deleted : C:\Users\****\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
Folder Deleted : C:\Users\****\Documents\Browser
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\8gzrkexc.default\Extensions\[email protected]
Folder Deleted : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7zu9qxj3.default\Extensions\[email protected]
Folder Deleted : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
File Deleted : C:\END
File Deleted : C:\Users\KEVINW~1.WAL\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7zu9qxj3.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\x0kmyaw7.default\browsermngr_prefs.js
File Deleted : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7zu9qxj3.default\browsermngr_prefs.js
File Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\x0kmyaw7.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\x0kmyaw7.default\user.js
File Deleted : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatequalitink_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatequalitink_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3313053
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3313053
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92ED4BBD-83F2-4C70-BB4E-F8D3716143FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E87922CB-1852-40BE-8B0F-F74C9D80B773}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022342291}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92ED4BBD-83F2-4C70-BB4E-F8D3716143FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92ED4BBD-83F2-4C70-BB4E-F8D3716143FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87922CB-1852-40BE-8B0F-F74C9D80B773}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92ED4BBD-83F2-4C70-BB4E-F8D3716143FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E87922CB-1852-40BE-8B0F-F74C9D80B773}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA1182D2-11DE-4F8F-8D2B-7BF1EA2BED19}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DF04589-6E3B-4256-92E1-50A05F6967AB}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{92ED4BBD-83F2-4C70-BB4E-F8D3716143FE}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{92ED4BBD-83F2-4C70-BB4E-F8D3716143FE}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{92ED4BBD-83F2-4C70-BB4E-F8D3716143FE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{92ED4BBD-83F2-4C70-BB4E-F8D3716143FE}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_2.5
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\KeyBar_2.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\8gzrkexc.default\prefs.js ]

Line Deleted : user_pref("extensions.crossriderapp3491.adsOldValue", -1);

[ File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\x0kmyaw7.default\prefs.js ]

[ File : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\7zu9qxj3.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Claro Search");
Line Deleted : user_pref("browser.search.order.1", "Claro Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Claro Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.claro-search.com/?affID=114256&tt=120812_bandext_3212_7&babsrc=HP_iclro&mntrId=fc39b9f5000000000000842b2b98e7bc");
Line Deleted : user_pref("extensions.crossrider.bic", "1392d31bdec1ad5f78a1312adae7dc29");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1345082998);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.active", true);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.backgroundjs", "\n_GPL_PID = 1140;\nfunction parse_url(str,component){var key=['source','scheme','authority','userInfo','user','pass','host','port','relati[...]
Line Deleted : user_pref("extensions.crossriderapp3491.3491.backgroundver", 6);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1345082998");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_aoi.value", "1345082998");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2245281%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2245281%26subid%3D%26pid%3D1260%22%7D[...]
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_parent_zoneid.value", "%2245281%22");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_product_id.value", "%221260%22");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.cookie._GPL_zoneid.value", "%2267878%22");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your favorite streaming videos!");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.domain", "");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.group", 0);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.js", "\nvar _GPL_PID=1140,_GPL_baseCDN=\"vidsaver-a.akamaihd.net\";\nArray.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null==[...]
Line Deleted : user_pref("extensions.crossriderapp3491.3491.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...]
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_13.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};(function(){function f(n){return n<10?\"0\"+n:n}if(typeof Date.protot[...]
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_14.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date()).get[...]
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.name", "FacebookFFIE");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_15.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==\"undefined\"){b={}}var d=f.appID+\".\";b.appID=f.appID;b.version=f.version;b.platform=f.platform;b.[...]
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_16.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins.plugin_17.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_0", "17,14,16");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.plugins_lists.plugins_1", "17,14,13,16,15");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/3491/plugins/083/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.pluginsversion", 5);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.publisher", "215 Apps");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.thankyou", "hxxp://vid-saver.com/thankyou.html");
Line Deleted : user_pref("extensions.crossriderapp3491.3491.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp3491.3491.ver", 33);
Line Deleted : user_pref("extensions.crossriderapp3491.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp3491.apps", "3491");
Line Deleted : user_pref("extensions.crossriderapp3491.bic", "1392d31bdec1ad5f78a1312adae7dc29");
Line Deleted : user_pref("extensions.crossriderapp3491.cid", 3491);
Line Deleted : user_pref("extensions.crossriderapp3491.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp3491.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp3491.installationdate", 1345082998);
Line Deleted : user_pref("extensions.crossriderapp3491.lastcheck", 22920409);
Line Deleted : user_pref("extensions.crossriderapp3491.lastcheckitem", 22920409);
Line Deleted : user_pref("extensions.crossriderapp3491.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp3491.updating", true);
Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp3491%40crossrider.com:0.83.31,%7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : nbdbmopeebalgaeghmjoegpkngglikgn
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [29849 octets] - [26/06/2014 17:41:47]
AdwCleaner[S0].txt - [29540 octets] - [26/06/2014 19:15:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29601 octets] ##########


  • 0

#7
zerokreap
Posted 26 June 2014 - 11:30 PM

zerokreap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I also ran a few other malware extermination programs after completing your instructions. With Spybot, four registry errors could not be fixed. Once again, the program indicated that I needed to be an admin. Of course, I was logged into my admin account, so I find this confusing. Here are the specific registry keys:

 

Delta.Toolbar: [SBI $4FE1D2EF] User settings (Registry key, fixing failed) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Delta.Toolbar: [SBI $4FE1D2EF] User settings (Registry key, fixing failed) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Ad.CouponCompanion: [SBI $BAD6CBC6] Settings (Registry key, fixing failed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}

Ad.CouponCompanion: [SBI $F696B4DC] Settings (Registry key, fixing failed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}

 

 

Any thoughts on these?


  • 0

#8
Essexboy
Posted 27 June 2014 - 06:02 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Those elements are not showing in the other logs .. If there were they would now be gone.

How is the computer behaving ?
  • 0

#9
zerokreap
Posted 27 June 2014 - 06:38 AM

zerokreap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Well, I have noticed that my graphics card is all of a sudden having problems. It keeps crashing. I thought that was related to what we have been working on here, but perhaps it is something else.


Edited by zerokreap, 27 June 2014 - 06:54 AM.

  • 0

#10
Essexboy
Posted 27 June 2014 - 06:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#11
zerokreap
Posted 27 June 2014 - 06:26 PM

zerokreap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I appreciate your timely assistance Essex! Z
  • 0

#12
Essexboy
Posted 28 June 2014 - 03:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My Pleasure:)
  • 0

#13
Essexboy
Posted 30 June 2014 - 09:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP