[zep516]

Hello,
 
Odd Who crashed did not identify any problem so we will let the computer run and see if it blue screens again...

Can you download the bitdefender removal tool from http://www.bitdefend...installtool.exe Save the file to the desktop and run it. The save file box will pop up right here on this post. I'm running this because I see an old driver left over from Bitdefender so just in case there is more stuff we don't see lets run it.
 
Then
 
Lets try resetting chrome,
Please follow these instructions here to reset chrome.
 
Run the computer for a while let me know how things are and what occurs.
 
Joe

[Advertisements]

One other thing about AVG, that I see you also had installed. Did you run uninstall tool for that ? If not run the tool for the product you had installed you can find the uninstall tool here-->http://www.avg.com/us-en/utilities


Before doing that I sugguest you enter Msconfig:
MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~2\AVG\AVG9\avgtray.exe

Reinable the item above and then run the AVG removal tool so the item gets removed.

[zep516]

One other thing about AVG, that I see you also had installed. Did you run uninstall tool for that ? If not run the tool for the product you had installed you can find the uninstall tool here-->http://www.avg.com/us-en/utilities


Before doing that I sugguest you enter Msconfig:
MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~2\AVG\AVG9\avgtray.exe

Reinable the item above and then run the AVG removal tool so the item gets removed.

[periwinkle]

Here is a log of the iesearch that Malwarebytes keeps finding:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Update, 7/9/2014 3:27:16 AM, SYSTEM, VERONICA-PC, Scheduler, Malware Database, 2014.7.9.2, 2014.7.9.3, 

Protection, 7/9/2014 3:28:16 AM, SYSTEM, VERONICA-PC, Protection, Refresh, Starting, 

Protection, 7/9/2014 3:28:16 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 7/9/2014 3:28:17 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 7/9/2014 3:28:54 AM, SYSTEM, VERONICA-PC, Protection, Refresh, Success, 

Protection, 7/9/2014 3:28:54 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Starting, 

Protection, 7/9/2014 3:28:59 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Started, 

Update, 7/9/2014 7:24:13 AM, SYSTEM, VERONICA-PC, Scheduler, Malware Database, 2014.7.9.3, 2014.7.9.5, 

Protection, 7/9/2014 7:24:41 AM, SYSTEM, VERONICA-PC, Protection, Refresh, Starting, 

Protection, 7/9/2014 7:24:41 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 7/9/2014 7:24:43 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 7/9/2014 7:25:25 AM, SYSTEM, VERONICA-PC, Protection, Refresh, Success, 

Protection, 7/9/2014 7:25:25 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Starting, 

Protection, 7/9/2014 7:25:32 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Started, 

Update, 7/9/2014 9:05:54 AM, SYSTEM, VERONICA-PC, Scheduler, Malware Database, 2014.7.9.5, 2014.7.9.6, 

Protection, 7/9/2014 9:06:10 AM, SYSTEM, VERONICA-PC, Protection, Refresh, Starting, 

Protection, 7/9/2014 9:06:10 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 7/9/2014 9:06:10 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 7/9/2014 9:06:26 AM, SYSTEM, VERONICA-PC, Protection, Refresh, Success, 

Protection, 7/9/2014 9:06:26 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Starting, 

Protection, 7/9/2014 9:06:26 AM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Started, 

Protection, 7/9/2014 5:43:43 PM, SYSTEM, VERONICA-PC, Protection, Malware Protection, Starting, 

Protection, 7/9/2014 5:43:43 PM, SYSTEM, VERONICA-PC, Protection, Malware Protection, Started, 

Protection, 7/9/2014 5:43:43 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Starting, 

Protection, 7/9/2014 5:44:41 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Started, 

Update, 7/9/2014 6:17:18 PM, SYSTEM, VERONICA-PC, Scheduler, Rootkit Database, 2014.7.7.1, 2014.7.9.1, 

Update, 7/9/2014 6:17:30 PM, SYSTEM, VERONICA-PC, Scheduler, Malware Database, 2014.7.9.6, 2014.7.9.13, 

Protection, 7/9/2014 6:17:31 PM, SYSTEM, VERONICA-PC, Protection, Refresh, Starting, 

Protection, 7/9/2014 6:17:31 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 7/9/2014 6:17:32 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 7/9/2014 6:18:00 PM, SYSTEM, VERONICA-PC, Protection, Refresh, Success, 

Protection, 7/9/2014 6:18:00 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Starting, 

Protection, 7/9/2014 6:18:20 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Started, 

Detection, 7/9/2014 6:53:51 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, IP, 64.20.54.67, www.iesearch.com, 0, Outbound, 

Protection, 7/9/2014 10:03:42 PM, SYSTEM, VERONICA-PC, Protection, Malware Protection, Starting, 

Protection, 7/9/2014 10:03:42 PM, SYSTEM, VERONICA-PC, Protection, Malware Protection, Started, 

Protection, 7/9/2014 10:03:42 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Starting, 

Protection, 7/9/2014 10:03:54 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, Started, 

Detection, 7/9/2014 10:20:06 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, IP, 64.20.54.67, www.iesearch.com, 0, Outbound, 

Detection, 7/9/2014 10:22:05 PM, SYSTEM, VERONICA-PC, Protection, Malicious Website Protection, IP, 64.20.54.67, www.iesearch.com, 0, Outbound, 

 

(end)

[zep516]

Thanks for posting that, and I'm reviewing it, running a bit behind here.

Did you follow the instructions in post #47 ? Did you reset Chrome ?


Thanks
Joe

[periwinkle]

Sorry Joe, missed that one little line about resetting Chrome.  Yes, I reset it.

 

It's interesting that the scanners, Malwarebytes and the online ESET scan, both detect my K: drive, but my computer still does not.

 

I think I may have killed iesearch.  I did some research and found this page to be helpful:

 

http://www.securitys...h-hijacker.html

 

I've checked MBAM and I haven't had a single outbound iesearch.com since I reset my IE settings.

[zep516]

OK.

About the drives, you have 2 Internal connected drives called K&J correct ? + Your "C" Drive.

Do you see them in disk Management? See link for disk management access in case you need it.

http://pcsupport.abo...t-windows-7.htm

Joe

[periwinkle]

My computer sees J: & K:, but it calls them removable disks.  I can post a photo because that will certainly be worth a thousand words.  My J: & K: drives are both hard drives that were in my previous computer.  They are not removable devices nor are they memory sticks as they are called in the photo.  When I looked at them with the Disk Management it calls them removable. 

 

I wonder if I could still be having problems because I haven't erased the photos from my C: drive yet?  I copied all the photos, but I was doing some maintenance and clearing out duplicate photos.  I just really wanted to be sure I wasn't erasing anything without a backup copy.  My computer still has only 10% free space.  I'm doing my first ever backup of all my files right now.  It may be finished by tomorrow...

 

Okay, I've attached the photo to this post.

Attached Thumbnails

• 

Edited by periwinkle, 13 July 2014 - 06:02 PM.

[zep516]

Go ahead an post a photo, I'll warn you I'm not much on hardware issues, but can at least gather information. I'll be up front, I have no idea why they would be listed as removable because there not connected to a usb.

You could get by with 15% free space although I like 20% but that's just me.

[periwinkle]

Today has been a banner day with my computer, but not in a good way.  I came home and the computer was off.  I had left it on as I usually do, but it was off when I arrived home.  I powered it on and it shut off immediately.  It did this two more times and it shut off before booting, then I unplugged it for several hours.  When I tried to restart it again, it kept shutting off before even booting up.  After about the second power off, it tried to launch the repair sequence.  This also got powered off.  After about 3 more times of the computer being turned on and then having it try to self-repair, it finally did succeed at restoring.  Right now, my desktop is larger than normal, but at least I can use the computer!

 

I'm starting to think that this powering off thing has a pattern.  I could be wrong, but it sometimes will power off if I don't turn the ceiling fan on while I'm gone.  I do have a dedicated box fan on at all times and I shift my A/C up to 88 degrees when I leave for work.  However, it has stayed powered on with just the box fan many times.  The computer only gets up to about 105 degrees even with the house temp set at 88 degrees.  

 

The second reason I believe there is a pattern is that it seems like the computer has this problem almost always around the middle of the month - 6/15, 7/15 or thereabouts.  I'm really trying to find a pattern here.  I remember I had a lot of trouble with the computer around the middle of June as well.  It could be that the same thing happened other months as well, but it seemed more random.  I just know that it was about 2 days of trouble in June and I thought the computer was a goner then.  I did eventually get it powered up but it shut off about 4 times right after I pushed the power button.  I finally succeeded in restoring the computer.

 

Here's an irony:  I was able to run my first ever backup successfully last night without a hitch.  So I will be able to remove the photos now from the C: drive.

[periwinkle]

It's late at night, but I can't find my Recycle Bin. This is weird.  It disappeared from my computer desktop a few years ago and I was able to create a shortcut for it.  I never did find it in my computer.  Tonight I did a Windows search for it, and it's nowhere to be found.  WTH?

 

Restarted the computer and watched the desktop show the Recycle Bin and then it disappeared in front of my eyes!!!  Did a Windows search for it - NOTHING!  What the h e l l is going on here?

 

7:26 AM PDT I'm doing more and more research and I learned how to bring my Recycle Bin back.  Just a matter of finding the right info.  It's restored to the desktop now and I feel much better!  Wish I'd known it was this easy a few years ago!

Edited by periwinkle, 15 July 2014 - 08:29 AM.

[periwinkle]

It seems iesearch is back since I restored the computer.  I followed the same steps as before to delete it, but I did not restart the computer.  Maybe that's the only difference.  At this point, I'm afraid to restart it again after all the problems just getting it to boot tonight.

 

Well, I restarted the computer and that iesearch is back again!  This is so frustrating!!!

Edited by periwinkle, 15 July 2014 - 03:17 AM.

[zep516]

Hello,

2 things to do. Post a new OTL Log first so we can see where we are. Then Run System file checker. I feel the power off issue is or could be hardware related, power supply, motherboard etc.

What is the make an model of the PC ?

The 2 drives J AN K who makes them, and how big are they? Did they come with a disk ?

Run System file checker,

Try using System File Checker,
System File Checker merely makes sure that all system files are where they should be. The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
Open an Elevated Command Prompt window. To do so, click Start, then type cmd in the Start Search box. In the results area, right-click cmd.exe, and then click Run as administrator. You will be prompted to type the password for an administrator account. Click Continue if you are the administrator or type the administrator password. Then, click Continue.

At the command prompt, type the following command, sfc /scannow and then press ENTER.


The scan may take some time to complete. Windows will repair any corrupted or missing files that it finds.


Let me know what System File checker says, if it does not find any problems it will say "No Issues found"

If it does find a problem, reboot the computer and run it again.

Answer my questions about make an model of pc, and the drives.



Thanks
Joe

[periwinkle]

Hi Joe,

 

Here are the OTL Scans:

 

OTL logfile created on: 7/15/2014 6:56:54 PM - Run 11

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Veronica\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 28.75% Memory free

7.70 Gb Paging File | 3.22 Gb Available in Paging File | 41.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 580.72 Gb Total Space | 82.54 Gb Free Space | 14.21% Space Free | Partition Type: NTFS

Drive D: | 15.45 Gb Total Space | 7.50 Gb Free Space | 48.53% Space Free | Partition Type: NTFS

Drive F: | 931.51 Gb Total Space | 875.06 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

 

Computer Name: VERONICA-PC | User Name: Veronica | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Veronica\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Veronica\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()

PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Webshots\Webshots.scr (Webshots.com)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\IOI\ButtonMonitor.exe ()

PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)

PRC - C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)

PRC - C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ()

MOD - C:\Users\Veronica\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\Veronica\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()

MOD - C:\Users\Veronica\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll ()

MOD - C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll ()

MOD - C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll ()

MOD - C:\Program Files (x86)\IOI\ButtonMonitor.exe ()

MOD - C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (LavasoftAdAwareService11) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe ()

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (gzflt) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys (BitDefender LLC)

DRV:64bit: - (ZCLDRV) -- C:\Windows\SysNative\DRIVERS\ZclDrv64.sys (TechnoScope Co., Ltd.)

DRV:64bit: - (amdide64) -- C:\Windows\SysNative\DRIVERS\amdide64.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)

DRV:64bit: - (amdkmafd) -- C:\Windows\SysNative\DRIVERS\amdkmafd.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\DRIVERS\LPCFilter.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW86.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (MxEFUF) -- C:\Windows\SysNative\DRIVERS\MxEFUF64.sys (Matrox Graphics Inc.)

DRV:64bit: - (74385989) -- C:\Windows\SysNative\DRIVERS\74385989.sys (Kaspersky Lab ZAO)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\DRIVERS\RTL8187B.sys (Realtek Semiconductor Corporation                           )

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (BlackBox) -- C:\Windows\SysNative\blackbox.dll (Microsoft Corporation)

DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)

DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)

DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (Pnp680) -- C:\Windows\SysNative\DRIVERS\pnp680.sys (Silicon Image, Inc)

DRV:64bit: - (PAC7302) -- C:\Windows\SysNative\DRIVERS\PAC7302.SYS (PixArt Imaging Inc.)

DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)

DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)

DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)

DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)

DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)

DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()

DRV - (BlackBox) -- C:\Windows\SysWow64\drivers\BlackBox.sys ()

DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20081023.002\IDSviA64.sys (Symantec Corporation)

DRV - (RTL8187B) -- C:\Windows\SysWOW64\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT5694

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {BE66EAF2-AF06-41CC-B0AC-01904F9065A0}

IE - HKCU\..\SearchScopes\{BE66EAF2-AF06-41CC-B0AC-01904F9065A0}: "URL" = http://www.google.co...ie7&rlz=1I7GWYE

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Veronica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Veronica\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Veronica\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Veronica\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/06/19 17:20:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/06 03:30:36 | 000,000,000 | ---D | M]

 

[2010/04/30 22:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Veronica\AppData\Roaming\Mozilla\Extensions

[2010/04/30 22:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Veronica\AppData\Roaming\Mozilla\Extensions\[email protected]

[2014/07/07 03:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\25qs7hd5.default-1404101501971\extensions

[2014/07/06 03:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2014/07/06 03:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2014/07/06 03:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2014/07/06 03:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/07/06 03:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2014/07/06 03:31:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/04/06 07:40:00 | 000,182,936 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMcAfeeSRPlgn.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Veronica\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Veronica\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Veronica\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll

CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Users\Veronica\AppData\Local\Google\Chrome\Application\plugins\npMcAfeeSRPlgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Java Deployment Toolkit 7.0.550.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

CHR - plugin: Java™ Platform SE 7 U55 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Veronica\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Veronica\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Veronica\AppData\Roaming\Mozilla\plugins\npo1d.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: PasswordBox - Log in with 1-Click = C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl\1.34.1.3629_0\

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\

CHR - Extension: YouTube = C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\

CHR - Extension: Google Search = C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: AdBlock = C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.7_0\

CHR - Extension: Google Wallet = C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2014/07/06 23:12:05 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe ()

O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [ButtonMonitor] C:\Program Files (x86)\IOI\ButtonMonitor.exe ()

O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)

O4 - HKCU..\Run: [RSD_HDDThermo] C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe ()

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O4 - Startup: C:\Users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\Launcher.exe (Webshots.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O1364bit: - gopher Prefix: missing

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa....in/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FBEC332-55DA-4912-8DF7-4AB47DEDE417}: DhcpNameServer = 192.168.0.1 205.171.2.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FBEC332-55DA-4912-8DF7-4AB47DEDE417}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB6D127E-1638-46AA-BE60-19496E8DBAD3}: DhcpNameServer = 192.168.0.1 205.171.2.25

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Veronica\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Users\Veronica\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/16 07:49:12 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011/07/29 14:48:15 | 000,122,450 | ---- | M] () - F:\Autorun blocked.jpg -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/07/09 22:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

[2014/07/09 22:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

[2014/07/08 23:21:00 | 000,000,000 | ---D | C] -- C:\FRST

[2014/07/08 23:16:04 | 002,084,352 | ---- | C] (Farbar) -- C:\Users\Veronica\Desktop\FRST64.exe

[2014/07/08 04:02:28 | 000,000,000 | ---D | C] -- C:\Users\Veronica\AppData\Local\Adobe

[2014/07/07 20:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2014/07/07 18:02:20 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/07/07 18:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/07/07 18:00:54 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/07/07 18:00:54 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/07/07 18:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2014/07/07 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Veronica\AppData\Local\ElevatedDiagnostics

[2014/07/07 17:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS

[2014/07/07 00:56:05 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll

[2014/07/07 00:54:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/07/06 20:55:17 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Veronica\Desktop\JRT.exe

[2014/07/06 20:51:31 | 000,000,000 | ---D | C] -- C:\Users\Veronica\AppData\Roaming\Lavasoft

[2014/07/06 20:32:44 | 001,025,536 | ---- | C] (Farbar) -- C:\Users\Veronica\Desktop\ListParts64.exe

[2014/07/06 17:45:03 | 000,068,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RTSTOR64.sys

[2014/07/06 15:39:30 | 000,000,000 | ---D | C] -- C:\Users\Veronica\AppData\Roaming\LavasoftStatistics

[2014/07/06 15:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2014/07/06 15:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2014/07/06 15:36:34 | 000,000,000 | ---D | C] -- C:\Users\Veronica\AppData\Local\adawarebp

[2014/07/06 15:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2014/07/06 12:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft

[2014/07/06 03:38:54 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/07/06 03:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2014/07/05 20:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2014/07/05 20:10:55 | 002,162,992 | ---- | C] (Yamaha Corporation) -- C:\Windows\SysNative\YamahaAE.dll

[2014/07/05 20:10:54 | 002,101,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll

[2014/07/05 20:10:52 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll

[2014/07/05 20:10:52 | 000,871,856 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tossaeapo64.dll

[2014/07/05 20:10:52 | 000,582,056 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosasfapo64.dll

[2014/07/05 20:10:52 | 000,162,224 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\toseaeapo64.dll

[2014/07/05 20:10:51 | 000,856,992 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll

[2014/07/05 20:10:51 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll

[2014/07/05 20:10:51 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll

[2014/07/05 20:10:50 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2014/07/05 20:10:50 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2014/07/05 20:10:49 | 000,724,728 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll

[2014/07/05 20:10:49 | 000,246,008 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll

[2014/07/05 20:10:49 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2014/07/05 20:10:49 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2014/07/05 20:10:48 | 001,048,824 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll

[2014/07/05 20:10:48 | 000,947,760 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll

[2014/07/05 20:10:48 | 000,889,592 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll

[2014/07/05 20:10:48 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll

[2014/07/05 20:10:47 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll

[2014/07/05 20:10:47 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll

[2014/07/05 20:10:47 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll

[2014/07/05 20:10:46 | 001,959,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2014/07/05 20:10:45 | 002,860,248 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2014/07/05 20:10:44 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2014/07/05 20:10:42 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2014/07/05 20:10:42 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll

[2014/07/05 20:10:41 | 001,024,728 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2014/07/05 20:10:40 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2014/07/05 20:10:40 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2014/07/05 20:10:40 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2014/07/05 20:10:40 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2014/07/05 20:10:39 | 000,628,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll

[2014/07/05 20:10:38 | 002,804,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RltkAPO64.dll

[2014/07/05 20:10:38 | 001,286,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2014/07/05 20:10:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2014/07/05 20:10:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2014/07/05 20:10:33 | 064,228,864 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat

[2014/07/05 20:10:22 | 000,949,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll

[2014/07/05 20:10:14 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll

[2014/07/05 20:10:14 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll

[2014/07/05 20:10:13 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll

[2014/07/05 20:10:13 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll

[2014/07/05 20:10:13 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll

[2014/07/05 20:10:12 | 005,751,048 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll

[2014/07/05 20:10:12 | 000,942,384 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOSettingsIPC.dll

[2014/07/05 20:10:11 | 000,906,800 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\MISS_APO.dll

[2014/07/05 20:10:11 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2014/07/05 20:10:10 | 012,894,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll

[2014/07/05 20:10:09 | 000,956,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll

[2014/07/05 20:10:08 | 003,959,384 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnN64.dll

[2014/07/05 20:10:08 | 001,313,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll

[2014/07/05 20:10:06 | 028,343,384 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll

[2014/07/05 20:10:00 | 014,863,448 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll

[2014/07/05 20:09:58 | 001,934,424 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll

[2014/07/05 20:09:57 | 002,041,432 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll

[2014/07/05 20:09:56 | 001,317,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll

[2014/07/05 20:09:56 | 001,063,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll

[2014/07/05 20:09:56 | 000,900,696 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysWow64\MaxxAudioAPOShell.dll

[2014/07/05 20:09:55 | 001,168,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll

[2014/07/05 20:09:55 | 001,136,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll

[2014/07/05 20:09:55 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2014/07/05 20:09:55 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll

[2014/07/05 20:09:55 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2014/07/05 20:09:54 | 000,291,488 | ---- | C] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll

[2014/07/05 20:09:53 | 002,770,976 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2014/07/05 20:09:52 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2014/07/05 20:09:52 | 000,501,184 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll

[2014/07/05 20:09:52 | 000,415,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll

[2014/07/05 20:09:51 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2014/07/05 20:09:51 | 000,487,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll

[2014/07/05 20:09:50 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2014/07/05 20:09:50 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2014/07/05 20:09:50 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2014/07/05 20:09:50 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2014/07/05 20:09:49 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2014/07/05 20:09:49 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2014/07/05 20:09:49 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2014/07/05 20:09:49 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2014/07/05 20:09:48 | 006,218,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll

[2014/07/05 20:09:48 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2014/07/05 20:09:48 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2014/07/05 20:09:47 | 000,315,736 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll

[2014/07/05 20:09:46 | 001,939,800 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll

[2014/07/05 20:09:46 | 000,261,464 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll

[2014/07/05 20:09:45 | 001,530,048 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64APO.dll

[2014/07/05 20:09:44 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll

[2014/07/05 20:09:41 | 000,560,328 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll

[2014/07/05 20:09:41 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll

[2014/07/04 18:39:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Veronica\Desktop\OTL.exe

[2014/07/04 15:35:37 | 000,011,944 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\amdide64.sys

[2014/07/03 01:57:17 | 000,000,000 | ---D | C] -- C:\Users\Veronica\AppData\Roaming\spelling

[2014/07/03 01:56:56 | 000,000,000 | ---D | C] -- C:\Users\Veronica\.lawson

[2014/07/03 01:56:47 | 000,000,000 | ---D | C] -- C:\Users\Veronica\AppData\Roaming\repository

[2014/07/02 22:34:48 | 000,031,024 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\LPCFilter.sys

[2014/07/02 22:15:45 | 000,157,696 | ---- | C] (Matrox Graphics Inc.) -- C:\Windows\SysNative\drivers\MxEFUF64.sys

[2014/07/01 22:10:30 | 002,338,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2014/07/01 22:10:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2014/07/01 22:10:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2014/07/01 22:10:28 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2014/07/01 22:10:28 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2014/07/01 22:10:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2014/07/01 22:10:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014/07/01 22:10:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2014/07/01 22:10:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2014/07/01 22:10:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2014/07/01 22:10:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2014/07/01 22:10:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2014/07/01 22:10:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014/07/01 22:10:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014/07/01 22:10:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2014/07/01 22:10:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2014/07/01 22:10:08 | 001,494,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2014/07/01 22:10:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2014/07/01 22:10:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2014/07/01 22:10:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2014/07/01 22:09:54 | 000,622,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2014/07/01 18:38:24 | 000,425,472 | ---- | C] (TechnoScope Co., Ltd.) -- C:\Windows\SysNative\Zcl64.dll

[2014/07/01 18:38:24 | 000,071,680 | ---- | C] (TechnoScope Co., Ltd.) -- C:\Windows\SysNative\drivers\ZCLDrv64.sys

[2014/07/01 18:38:24 | 000,042,496 | ---- | C] (TechnoScope Co., Ltd.) -- C:\Windows\SysNative\ZclDrv64.dll

[2014/07/01 18:38:24 | 000,036,352 | ---- | C] (TechnoScope Co., Ltd.) -- C:\Windows\SysWow64\ZclDrv.dll

[2014/07/01 18:38:23 | 000,393,216 | ---- | C] (TechnoScope Co., Ltd.) -- C:\Windows\SysWow64\Zcl.dll

[2014/07/01 18:38:23 | 000,040,960 | ---- | C] (TechnoScope) -- C:\Windows\SysWow64\Ccm.dll

[2014/07/01 07:34:19 | 000,390,112 | ---- | C] (Marvell) -- C:\Windows\SysNative\drivers\yk60x64.sys

[2014/06/30 23:47:21 | 000,000,000 | ---D | C] -- C:\Users\Veronica\Documents\My Drivers

[2014/06/30 20:13:28 | 000,099,840 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll

[2014/06/30 20:13:28 | 000,086,528 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll

[2014/06/30 20:13:28 | 000,083,968 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll

[2014/06/30 20:13:28 | 000,073,728 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll

[2014/06/30 20:13:27 | 000,826,368 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_64.dll

[2014/06/30 20:13:26 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll

[2014/06/30 20:13:26 | 000,142,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll

[2014/06/30 20:13:26 | 000,125,824 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll

[2014/06/30 20:13:25 | 006,036,160 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdagA.dll

[2014/06/30 20:13:25 | 003,839,488 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdagB.dll

[2014/06/30 20:13:23 | 005,205,504 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64B.dll

[2014/06/30 20:13:23 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll

[2014/06/30 20:13:22 | 007,040,928 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64A.dll

[2014/06/30 20:13:14 | 000,051,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll

[2014/06/30 20:13:14 | 000,038,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll

[2014/06/30 20:13:12 | 000,089,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atisamu64.dll

[2014/06/30 20:13:12 | 000,080,896 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atisamu32.dll

[2014/06/30 20:13:11 | 011,513,856 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysWow64\atioglxxB.dll

[2014/06/30 20:13:09 | 022,157,824 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxxA.dll

[2014/06/30 20:13:04 | 015,983,104 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\atio6axxB.dll

[2014/06/30 20:13:01 | 026,352,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axxA.dll

[2014/06/30 20:12:54 | 000,612,888 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpagA.sys

[2014/06/30 20:12:54 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atildimgx.dll

[2014/06/30 20:12:54 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atildimgy.dll

[2014/06/30 20:12:53 | 005,357,080 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdagB.sys

[2014/06/30 20:12:53 | 000,331,288 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys

[2014/06/30 20:12:52 | 011,837,976 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdagA.sys

[2014/06/30 20:12:47 | 000,033,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll

[2014/06/30 20:12:47 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll

[2014/06/30 20:12:46 | 000,041,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll

[2014/06/30 20:12:46 | 000,017,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll

[2014/06/30 20:12:41 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atidemgy.dll

[2014/06/30 20:12:40 | 004,782,960 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticldxva.dll

[2014/06/30 20:12:39 | 004,292,192 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticldx6a.dll

[2014/06/30 20:12:37 | 001,094,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll

[2014/06/30 20:12:37 | 000,929,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll

[2014/06/30 20:12:31 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe

[2014/06/30 20:12:30 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe

[2014/06/30 20:12:29 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2014/06/30 20:12:29 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2014/06/30 20:12:27 | 016,457,216 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll

[2014/06/30 20:12:25 | 013,008,384 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll

[2014/06/30 20:12:21 | 000,095,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdave64.dll

[2014/06/30 20:12:21 | 000,090,112 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdave32.dll

[2014/06/30 20:10:57 | 000,110,080 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\DelayAPO.dll

[2014/06/30 20:10:56 | 000,237,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\AtihdW86.sys

[2014/06/30 20:08:45 | 000,021,160 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\amdkmafd.sys

[2014/06/30 00:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard

[2014/06/30 00:49:12 | 000,000,000 | ---D | C] -- C:\cpqsystem

[2014/06/29 21:21:52 | 000,000,000 | ---D | C] -- C:\Users\Veronica\Desktop\DriverMax Recommended Drivers

[2014/06/29 21:20:57 | 000,000,000 | ---D | C] -- C:\Users\Veronica\Desktop\AdAware Scans

[2014/06/29 21:11:58 | 000,000,000 | ---D | C] -- C:\Users\Veronica\Desktop\Old Firefox Data

[2014/06/29 19:30:27 | 000,000,000 | ---D | C] -- C:\Users\Veronica\AppData\Local\Innovative Solutions

[2014/06/29 19:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax

[2014/06/29 19:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions

[2014/06/28 00:47:31 | 000,000,000 | ---D | C] -- C:\Users\Veronica\AppData\Roaming\ImgBurn

[2014/06/28 00:31:03 | 000,439,296 | ---- | C] (Sendori) -- C:\Windows\SysNative\plsapp64.dll

[2014/06/28 00:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn

[2014/06/27 23:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memory Test

[2014/06/26 22:19:18 | 094,714,880 | ---- | C] (AVAST Software) -- C:\Users\Veronica\Desktop\avast_free_antivirus_setup.exe

[2014/06/25 21:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWMonitor

[2014/06/25 21:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed

[2014/06/25 21:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed

[2014/06/25 20:58:24 | 002,668,480 | ---- | C] (Resplendence Software Projects Sp.                          ) -- C:\Users\Veronica\Desktop\whocrashedSetup.exe

[2014/06/25 20:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft

[4 C:\Users\Veronica\Documents\*.tmp files -> C:\Users\Veronica\Documents\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/07/15 18:59:57 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/07/15 18:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/07/15 18:12:09 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2932777127-504153465-3726424614-1000UA.job

[2014/07/15 18:11:31 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2014/07/15 18:11:31 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2014/07/15 16:20:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2932777127-504153465-3726424614-1000UA.job

[2014/07/15 10:10:12 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2932777127-504153465-3726424614-1000Core.job

[2014/07/15 07:20:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2932777127-504153465-3726424614-1000Core.job

[2014/07/15 02:10:01 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2014/07/15 02:08:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/07/15 02:08:39 | 4025,667,584 | -HS- | M] () -- C:\hiberfil.sys

[2014/07/13 12:35:33 | 002,611,974 | ---- | M] () -- C:\Users\Veronica\Documents\5-Free-Seed-Bead-Patterns.pdf

[2014/07/09 22:39:49 | 000,084,917 | ---- | M] () -- C:\Users\Veronica\Desktop\bluescreenview-x64.zip

[2014/07/09 22:16:37 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk

[2014/07/09 21:50:59 | 002,935,344 | ---- | M] () -- C:\Users\Veronica\Desktop\Gonzales_uninstalltool.exe

[2014/07/09 01:00:04 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014/07/09 01:00:03 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014/07/08 23:16:11 | 002,084,352 | ---- | M] (Farbar) -- C:\Users\Veronica\Desktop\FRST64.exe

[2014/07/08 23:08:19 | 000,707,584 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/07/08 23:08:19 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/07/08 23:08:19 | 000,105,046 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/07/08 18:18:15 | 000,165,376 | ---- | M] () -- C:\Users\Veronica\Desktop\SystemLook_x64.exe

[2014/07/08 17:51:53 | 000,139,264 | ---- | M] () -- C:\Users\Veronica\Desktop\SystemLook.exe

[2014/07/07 17:35:03 | 000,393,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/07/07 05:07:25 | 000,000,732 | ---- | M] () -- C:\Users\Veronica\AppData\Local\d3d9caps64.dat

[2014/07/06 23:24:14 | 000,001,356 | ---- | M] () -- C:\Users\Veronica\AppData\Local\d3d9caps.dat

[2014/07/06 20:55:18 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Veronica\Desktop\JRT.exe

[2014/07/06 20:54:23 | 001,346,519 | ---- | M] () -- C:\Users\Veronica\Desktop\adwcleaner_3.214.exe

[2014/07/06 20:32:48 | 001,025,536 | ---- | M] (Farbar) -- C:\Users\Veronica\Desktop\ListParts64.exe

[2014/07/06 12:37:55 | 001,707,144 | ---- | M] () -- C:\Users\Veronica\Desktop\Adaware_Installer.exe

[2014/07/06 12:27:18 | 000,000,084 | -H-- | M] () -- C:\aaw7boot.cmd

[2014/07/05 20:16:07 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl

[2014/07/05 13:18:43 | 002,909,752 | ---- | M] () -- C:\Users\Veronica\Desktop\Gia Video July 2014.AVI

[2014/07/04 20:23:58 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2014/07/04 20:23:58 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2014/07/04 18:39:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Veronica\Desktop\OTL.exe

[2014/07/03 19:45:10 | 000,000,823 | ---- | M] () -- C:\Users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk

[2014/06/29 19:30:27 | 000,001,040 | ---- | M] () -- C:\Users\Veronica\Desktop\DriverMax.lnk

[2014/06/29 19:16:28 | 000,190,178 | ---- | M] () -- C:\Users\Veronica\Desktop\PitStop Results.jpg

[2014/06/28 00:25:52 | 000,001,699 | ---- | M] () -- C:\Users\Veronica\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2014/06/28 00:25:52 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2014/06/27 23:53:17 | 000,069,043 | ---- | M] () -- C:\Users\Veronica\Desktop\memtest86+-4.20.iso.zip

[2014/06/26 22:20:43 | 094,714,880 | ---- | M] (AVAST Software) -- C:\Users\Veronica\Desktop\avast_free_antivirus_setup.exe

[2014/06/25 21:21:48 | 000,158,387 | ---- | M] () -- C:\Users\Veronica\Desktop\Speedfan Results.jpg

[2014/06/25 21:17:34 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

[2014/06/25 21:00:26 | 001,141,408 | ---- | M] (                                                            ) -- C:\Users\Veronica\Desktop\hwmonitor_1.25-setup.exe

[2014/06/25 20:58:26 | 002,668,480 | ---- | M] (Resplendence Software Projects Sp.                          ) -- C:\Users\Veronica\Desktop\whocrashedSetup.exe

[2014/06/25 20:36:29 | 000,141,480 | ---- | M] () -- C:\Users\Veronica\Desktop\bluescreenview_setup.exe

[2014/06/17 19:17:54 | 000,856,992 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll

[2014/06/17 16:08:18 | 001,205,934 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2014/06/17 15:41:56 | 064,228,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat

[2014/06/17 13:32:10 | 001,286,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[4 C:\Users\Veronica\Documents\*.tmp files -> C:\Users\Veronica\Documents\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/07/13 12:34:46 | 002,611,974 | ---- | C] () -- C:\Users\Veronica\Documents\5-Free-Seed-Bead-Patterns.pdf

[2014/07/09 22:39:45 | 000,084,917 | ---- | C] () -- C:\Users\Veronica\Desktop\bluescreenview-x64.zip

[2014/07/09 22:16:37 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk

[2014/07/09 21:50:47 | 002,935,344 | ---- | C] () -- C:\Users\Veronica\Desktop\Gonzales_uninstalltool.exe

[2014/07/08 18:18:14 | 000,165,376 | ---- | C] () -- C:\Users\Veronica\Desktop\SystemLook_x64.exe

[2014/07/08 17:51:48 | 000,139,264 | ---- | C] () -- C:\Users\Veronica\Desktop\SystemLook.exe

[2014/07/07 17:34:45 | 4025,667,584 | -HS- | C] () -- C:\hiberfil.sys

[2014/07/06 20:54:22 | 001,346,519 | ---- | C] () -- C:\Users\Veronica\Desktop\adwcleaner_3.214.exe

[2014/07/06 17:45:01 | 006,416,928 | ---- | C] () -- C:\Windows\System\DriveIcon.dll

[2014/07/06 15:39:24 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2014/07/06 12:37:27 | 001,707,144 | ---- | C] () -- C:\Users\Veronica\Desktop\Adaware_Installer.exe

[2014/07/06 12:27:18 | 000,000,084 | -H-- | C] () -- C:\aaw7boot.cmd

[2014/07/05 20:16:07 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2014/07/05 20:10:51 | 002,119,472 | ---- | C] () -- C:\Windows\SysNative\SStudio.dll

[2014/07/05 20:10:47 | 005,804,772 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat

[2014/07/05 20:10:38 | 001,205,934 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2014/07/05 20:09:42 | 000,096,568 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll

[2014/07/05 20:09:41 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll

[2014/07/05 13:18:39 | 002,909,752 | ---- | C] () -- C:\Users\Veronica\Desktop\Gia Video July 2014.AVI

[2014/06/30 20:13:27 | 000,230,912 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe

[2014/06/30 20:13:27 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2014/06/30 20:13:27 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat

[2014/06/30 20:13:27 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2014/06/30 20:13:27 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat

[2014/06/30 20:13:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\atitmp64.dll

[2014/06/30 20:13:11 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2014/06/30 20:13:11 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat

[2014/06/30 20:12:39 | 002,852,480 | ---- | C] () -- C:\Windows\SysWow64\aticldxva.cap

[2014/06/30 20:12:38 | 002,818,784 | ---- | C] () -- C:\Windows\SysNative\aticldx6a.cap

[2014/06/30 20:12:30 | 000,550,456 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb

[2014/06/30 20:12:30 | 000,550,456 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb

[2014/06/30 20:12:28 | 001,187,342 | ---- | C] () -- C:\Windows\SysNative\amdocl_as.exe

[2014/06/30 20:12:28 | 001,061,902 | ---- | C] () -- C:\Windows\SysNative\amdocl_ld.exe

[2014/06/30 20:12:28 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld.exe

[2014/06/30 20:12:27 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as.exe

[2014/06/29 19:30:27 | 000,001,040 | ---- | C] () -- C:\Users\Veronica\Desktop\DriverMax.lnk

[2014/06/29 19:16:27 | 000,190,178 | ---- | C] () -- C:\Users\Veronica\Desktop\PitStop Results.jpg

[2014/06/28 00:25:52 | 000,001,699 | ---- | C] () -- C:\Users\Veronica\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2014/06/28 00:25:52 | 000,001,687 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk

[2014/06/28 00:25:52 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk

[2014/06/28 00:09:15 | 001,839,104 | ---- | C] () -- C:\Users\Veronica\Desktop\mt420.iso

[2014/06/27 23:53:07 | 000,069,043 | ---- | C] () -- C:\Users\Veronica\Desktop\memtest86+-4.20.iso.zip

[2014/06/25 21:21:47 | 000,158,387 | ---- | C] () -- C:\Users\Veronica\Desktop\Speedfan Results.jpg

[2014/06/25 21:00:24 | 001,141,408 | ---- | C] (                                                            ) -- C:\Users\Veronica\Desktop\hwmonitor_1.25-setup.exe

[2014/06/25 20:35:50 | 000,141,480 | ---- | C] () -- C:\Users\Veronica\Desktop\bluescreenview_setup.exe

[2012/06/13 09:21:43 | 000,151,166 | ---- | C] () -- C:\ProgramData\1339604266.bdinstall.bin

[2012/06/08 04:28:08 | 000,148,808 | ---- | C] () -- C:\ProgramData\1339154345.bdinstall.bin

[2012/06/07 20:55:06 | 000,224,937 | ---- | C] () -- C:\ProgramData\1339125945.bdinstall.bin

[2011/12/04 22:42:09 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010/10/18 22:10:03 | 000,000,732 | ---- | C] () -- C:\Users\Veronica\AppData\Local\d3d9caps64.dat

[2010/03/27 01:20:09 | 000,000,000 | ---- | C] () -- C:\Users\Veronica\AppData\Local\prvlcl.dat

[2009/09/03 17:56:18 | 000,072,080 | ---- | C] () -- C:\Users\Veronica\g2mdlhlpx.exe

[2008/10/27 04:41:56 | 000,007,649 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

[2008/10/20 06:09:47 | 000,000,139 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2008/09/03 08:32:00 | 000,000,873 | ---- | C] () -- C:\Program Files (x86)\WinRAR.lnk

[2008/08/30 21:45:48 | 000,001,356 | ---- | C] () -- C:\Users\Veronica\AppData\Local\d3d9caps.dat

[2008/08/29 04:24:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/08/28 17:13:44 | 000,189,952 | ---- | C] () -- C:\Users\Veronica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 09:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== Files - Unicode (All) ==========

[2011/10/24 15:21:29 | 000,010,039 | ---- | M] ()(C:\Users\Veronica\Documents\? Om Symbol.docx) -- C:\Users\Veronica\Documents\ॐ Om Symbol.docx

[2011/10/24 15:21:22 | 000,010,039 | ---- | C] ()(C:\Users\Veronica\Documents\? Om Symbol.docx) -- C:\Users\Veronica\Documents\ॐ Om Symbol.docx

 

< End of report >

 

 

Extras:  

 

OTL Extras logfile created on: 7/15/2014 6:56:54 PM - Run 11

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Veronica\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 28.75% Memory free

7.70 Gb Paging File | 3.22 Gb Available in Paging File | 41.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 580.72 Gb Total Space | 82.54 Gb Free Space | 14.21% Space Free | Partition Type: NTFS

Drive D: | 15.45 Gb Total Space | 7.50 Gb Free Space | 48.53% Space Free | Partition Type: NTFS

Drive F: | 931.51 Gb Total Space | 875.06 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

 

Computer Name: VERONICA-PC | User Name: Veronica | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (All) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)

.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- "%1" %*

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cmd [@ = cmdfile] -- "%1" %*

.com [@ = comfile] -- "%1" %*

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.exe [@ = exefile] -- "%1" %*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)

.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)

.pif [@ = piffile] -- "%1" %*

.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

.scr [@ = scrfile] -- "%1" /S

.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- C:\PROGRA~2\WYZO\WYZO.EXE -requestPending -osint -url "%1"

https [open] -- C:\PROGRA~2\WYZO\WYZO.EXE -requestPending -osint -url "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- C:\PROGRA~2\WYZO\WYZO.EXE -requestPending -osint -url "%1"

https [open] -- C:\PROGRA~2\WYZO\WYZO.EXE -requestPending -osint -url "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = 64 38 2D CA 43 CF CA 01  [binary data]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2932777127-504153465-3726424614-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 3

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{10842A78-66DC-45E1-A68C-F5EE35941BC1}" = lport=445 | protocol=6 | dir=in | app=system | 

"{25473BDD-9209-457B-A594-4A5AB94CB0B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{53BE8640-7478-48E8-9690-55AD82325FD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{54BCB1B5-81B0-457A-8BA8-AD23B0ED9973}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{555DF6BB-FCCC-4EBF-AC89-F0BD310664B6}" = rport=137 | protocol=17 | dir=out | app=system | 

"{597B195F-B0C0-4295-BD9F-618A6D848535}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{5A2E4EB9-1145-4688-BECE-B82FAFADB971}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{5AC3E198-5F60-4639-AF68-7A825D4AFA4D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{625F280F-72FE-43FD-B40B-D0F850BD6C41}" = rport=139 | protocol=6 | dir=out | app=system | 

"{67FE2EAD-2A19-4E76-A05E-CEF2039D6275}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{684C6DA4-DB9A-4A43-925D-2AF6D98A07E3}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{6DDA783A-1F00-4F1A-AEC1-ACA579A8C36B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{7569F985-713E-412D-B812-36CDAFCD9136}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{7A3AF70E-6C53-4905-8BB2-49217DE929BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{80C826C1-C90E-43E6-A77A-49823F86F753}" = lport=139 | protocol=6 | dir=in | app=system | 

"{901BABE9-08E6-4B3A-A80D-862339552A37}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{9C724B88-53F1-437B-9CEC-9E4211227650}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{A0D72AFB-FB6B-4313-BB2E-09800FEE0055}" = rport=445 | protocol=6 | dir=out | app=system | 

"{A87689F9-2FEC-4AC3-8233-96AF5350B78D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B1B155D9-7A7A-4CE8-A3E1-35B5429AC43D}" = lport=137 | protocol=17 | dir=in | app=system | 

"{C52D9F9E-466D-4C3C-8E50-63CD609581C1}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C6ACE2F1-F7B0-42C3-8381-D689C7851508}" = lport=138 | protocol=17 | dir=in | app=system | 

"{D76B3651-0CD2-4C70-A16E-D080C07E8B2A}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{EC08D30D-33B3-4135-BC50-9FD7D7949231}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01D34F1A-355A-4180-B6EC-8DF8E8869EDD}" = protocol=6 | dir=in | app=c:\users\veronica\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{026C33CE-2BA8-4E03-AA43-227FDE51DFB0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{02792413-5493-4CA8-A64A-FAE0CC4CE4A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{02D868DE-4B27-49BF-9000-194721278460}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{04B1128F-8179-49BC-9ADD-3EF90FA81844}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{059FD078-A096-43A1-B5C7-372AFE7069C2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{0A6BF73A-D8C2-45EE-8E8A-6B53368ACC29}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{0CD7899D-0A15-40DB-99D8-3EF7413BEA28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{0E24DF43-BFD1-4ED6-BB57-5F1B47B6E899}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{0E45C201-9A01-4D23-BCFC-A27105447615}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{10B4EA42-A60B-447B-88C9-7A9CE0666916}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{10BFDB7D-17A3-4370-A50D-4275D1C2DADB}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 

"{1103897C-8EA7-447B-BE96-FD3B699E92F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{1337EB2B-BBC4-4707-B7E3-0F00B65E85E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{13730A61-8F0A-4263-AA88-BF962FCE52EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{150957CD-21AD-4AC3-ACBC-60EA67C4E652}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{165507A8-055B-4C45-9F46-AB8DC8403132}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{1667BC0D-D5B0-4922-8ACD-F83E8FC0AD27}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 

"{17CB4E4F-3AB1-4B0C-BD34-791957408449}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{1CDD8E3D-5665-44D9-A7F2-8D94D8081E3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{1DB53443-1B27-4054-B1DA-38336860CA81}" = protocol=17 | dir=in | app=c:\users\veronica\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{1F04E901-9491-4880-B708-220FBE2CF6F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{245B525E-7F17-4C4B-8DF2-94FA6931C448}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{2490B7A9-E98B-490C-B37A-11DDC6C835E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{257B4A30-6863-44E8-8010-92D84FFDC1CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{25CBFA4F-D092-47AB-9CC5-AD21A802D50F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{260F5528-148C-487B-8391-F9B51CA3EE4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{280787AE-08B7-46CF-8A30-DE3F07D4B612}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{29A24485-90F4-4589-92C2-C5A3EC0B7838}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{2BC39824-FEAA-445F-A7E3-347C6C5ABE22}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{2C399413-337D-4144-8329-88CCD71EEB93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2D265DCC-BCB1-49D1-AFBD-CF970E5A217B}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 

"{2E7A3467-D5BD-4D8F-81CA-F107AD209584}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{2F7B2B8C-8F4D-4E26-8BD5-99BF0C5775A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{2F8B5F6F-29AB-4759-9AF7-C26EE97EF527}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{31080E6D-2B69-4857-BC38-ADAA3927D457}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3663B32A-E0F5-4A51-AEFF-0EA70EC5A3BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{36B790FF-3E0C-4A4F-A8AA-1C286765FE92}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 

"{371FF138-E686-443C-83A2-B57101311A6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{3910F3EF-53B5-4475-B5FE-219A425648BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{3B543152-9250-4C3B-991A-D45AD1DD22C5}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 

"{3BFDD106-CF76-4293-B731-1DAA4BB7C3E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{3F66F6E2-1EF2-451C-AE66-DA5A942B6945}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{429B5070-ABF6-40C6-9C36-FAE743CDDA8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{4464BFB7-4D9C-433C-A948-9281929DF9C9}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"{44D871BA-A42E-40D9-8A71-AED043236D2D}" = protocol=6 | dir=out | app=system | 

"{46815B1E-0272-4122-ADB4-3253FD789FBB}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe | 

"{4743BAA7-7C0E-494D-BF68-6400A821DAC0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{4AA42B41-2510-4BCB-8636-5686E416E5FC}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 

"{4B34882C-D5C4-4100-8B63-79C78E9C9284}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{4B37B08D-D8F6-40B1-841B-1F4FD728BB8D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{4C4FAAE6-14D0-46E6-B195-68A27EC93D72}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"{502946F7-E988-4CE1-9B0E-930BE1C85A6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{55851DC4-B64B-4CCB-BFC2-89303F33B5F9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{564AE802-B291-4AEB-98ED-46A3AFBFEBC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{56B146E8-9356-4560-AFBA-61CD266F7E6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{58C448EC-44F6-427E-8842-4CF0B6A9BEFB}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 

"{59140B7E-327A-4648-B48A-BE702E033061}" = protocol=58 | dir=out | [email protected],-28546 | 

"{5A33B0ED-4D27-46F1-A985-54CCA3552785}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{5D074CA8-311C-4A48-8600-ED899A1E1007}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{5DFCC6C7-9E4A-41E3-B931-210D62270949}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{5E7726E1-1296-4FAC-90D5-DB0E14C705F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{5EA3CA30-CEE0-43A2-9C80-8E0500E2456C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{64846365-7765-499E-9751-F1FE81F56798}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{650F3C6A-B12B-4A19-B01C-9B650A73BC8F}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 

"{6678F625-474D-4246-A215-A7756B2A3C18}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 

"{66E27F3A-84A4-49FB-AB37-4F5C388A2C1B}" = protocol=58 | dir=in | [email protected],-28545 | 

"{671F9ADD-566E-4FFF-8F0F-677F733AEC3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{674544C2-9250-4AA4-A693-6886D1B4F588}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{69039CCA-9556-449D-8572-E8C458B4E788}" = protocol=1 | dir=out | [email protected],-28544 | 

"{6C1BA2AB-F4B5-40EB-AE92-22CBEE38BE85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{6CD1E949-98E8-46E2-9877-C6ABF3EAA0F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{6F59B0FF-FB28-4234-8486-18DECCCA8EA3}" = protocol=17 | dir=in | app=c:\users\veronica\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{740E888E-16EB-4FA2-9B90-964A9207B88B}" = protocol=6 | dir=in | app=c:\users\veronica\appdata\roaming\dropbox\bin\dropbox.exe | 

"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe | 

"{79DEE2F9-AD48-422C-8E3F-D3EB73536963}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{7A1921A8-5741-492A-97FD-209C0D623030}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\adaware securesearch toolbar\dtuser.exe | 

"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"{7B21BECB-4F1C-4C44-B673-6F6F0E72B896}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{7D6B57FB-D642-4924-9731-00D078ED03BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{80DEC832-6569-4AEE-9F0D-83DFB5EEA5AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{813319DE-75EF-48F8-BDA8-8DFDCE49677F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{870CEE34-4330-4455-BF8C-995B60B39DC8}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{882F7DCB-E7F0-403D-8A1F-24531E490BA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{8D2947F4-2288-443E-A348-E6E697C78C21}" = protocol=17 | dir=in | app=c:\users\veronica\appdata\roaming\dropbox\bin\dropbox.exe | 

"{8D665D8B-C89F-4081-A4CB-D30AF22792A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{90AC2A30-D531-4EE2-B9CD-367414EACD98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{9145D231-2C44-43B3-B787-9D2ED90933B7}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 

"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe | 

"{92C711ED-16C9-4454-83AA-DE0C69CA8E8C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{941966D9-A44D-4080-B467-641CCF657E05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{9618C43B-4A5A-4C26-9CE9-56E6D37774AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{97E4E13C-F37C-4948-989A-DA28E45DB3DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{9857CCD4-D07C-4C1D-93A4-DC3FC50110DD}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 

"{9AFC6AFD-CF3E-46E8-A9CC-EF4E4A0C1B8B}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 

"{9D42AEE2-3EB0-436C-BE37-8FBDFAC346FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{9E411DBF-F0B7-42F1-B516-D48D6250017C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{A03AAE62-0CAA-41A8-90C2-C0B112BA31E4}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{A0DEB973-172D-40D8-AD45-C65DD46CB654}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{A2ACFE44-C2D0-4E2C-B415-2A67B4618663}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{A7251902-A259-45B4-B724-0776475BED05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{A883016C-CEC9-473E-A78C-4F2A629E1D76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{A9FF6A61-29E0-4142-9752-45251CA479BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{AA258162-8D4C-4459-8F67-2D5ED44F921E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{AB48684D-558B-4397-9F8C-B7F3C366592A}" = protocol=6 | dir=in | app=c:\users\veronica\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{AD10704A-D82F-4D47-8C83-B881776C0FDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{AD7E6629-A257-43B2-BA64-14A877127976}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{AEDA5B5B-933B-4703-B4FA-075EE1D63792}" = protocol=6 | dir=in | app=c:\users\veronica\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"{B1262AA4-35D0-4973-96C0-2348C923490D}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\adaware securesearch toolbar\dtuser.exe | 

"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe | 

"{B327FAB2-350F-4D16-A0BF-FE55D712CAF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{B32CB562-DE4F-4B04-801D-C00283806D7F}" = protocol=1 | dir=in | [email protected],-28543 | 

"{B37FA4D5-BC83-4090-9F2D-C655BE602A4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{BA6FC80C-CBCF-4E5D-A696-D97BB37320BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{BB0E507B-E07B-4428-87A5-AC14E2A4EB58}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe | 

"{BD398393-86C6-4027-9CD4-FC3F5DBC89A3}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{BD7294D6-89EB-4F6E-812F-5032D7B75A2A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{BF6CBCAC-1F4A-4B00-B3F1-84317926A8E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{BFFB37C5-B5A3-42B1-BB35-CA2C55944597}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe | 

"{C75043DF-6954-4AD7-8A2D-788B07922D94}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{CB65757B-AC2F-468C-A364-C35F8386EE93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{CFA9A85A-B58B-4107-A87F-6A34819FCA25}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 

"{D0D2E583-FD6B-4FB5-9884-2759DD6522B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{D5683DEA-7B3A-4D93-AE5C-CEBF39223A83}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{D6162DD5-0EBE-4BFC-AC0C-31FAD8261FC0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{D623B4BE-58D5-4AB1-AF53-1E8CBD878B18}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{D68FF955-8799-46CC-852A-69B7F60C3A5D}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"{D7F92AC6-1792-41BB-BF7D-A85468B194D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D8C40F3D-19C5-4ADB-85B1-B38BACAA06B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{D99C1EBB-A758-4B70-87E2-3EF94B787C67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{D9D786B5-8AE5-4C52-BFFF-680D1A32B388}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{DA4099BE-02B0-4A20-AE3D-C7A896F6875D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{DC94498A-74F4-4269-8DB5-A26D5349E05C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{DD39F822-E5D6-4AB5-8EE1-14EF7A1D3AC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{DE9467E5-9EA8-4BB8-8AE9-BA397630CDB3}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 

"{E3CEA2A7-75CE-4398-928A-591FAA6557E1}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"{E4D1E897-6517-4F08-BD9E-9D5E1573307D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{E68C7567-4C0F-4717-AF38-84EB456A6537}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{E912F896-7F25-404B-9926-4EE5E34B9E6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{EB16EADE-FE36-4CE3-A070-B9E05C519286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{ECC444C4-59E5-4DE0-A5BC-C43B3E41495E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{EEB5134E-7BC5-41AC-97DE-CFF1B7D262E3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

"{EEE12D15-624C-4CBE-9F28-8FCDB47EC11B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{EFDE057E-48C0-4C2E-9209-81E2EFA72692}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{F021A359-F026-4994-9366-0E2443DC6604}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{F434A6F3-A884-4164-8B7A-8E6D12370A73}" = protocol=6 | dir=in | app=c:\users\veronica\appdata\roaming\spotify\spotify.exe | 

"{F8B41FFA-1D53-437F-8E28-486DA2A4C158}" = protocol=17 | dir=in | app=c:\users\veronica\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{F8DDE1B0-7724-4719-9BE4-65C8F4DBA50A}" = protocol=17 | dir=in | app=c:\users\veronica\appdata\roaming\spotify\spotify.exe | 

"{FAE2B4A4-ABFD-4426-96A7-E29FF58E7224}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{FB095D10-E2D0-4BDD-ABB6-7C7FFE1D9277}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{FCE85779-08DA-4DBE-B399-DA2EE357C87E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{FE396926-03D9-4848-AE83-B74420B8F3C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{FF010428-439F-4F85-90E8-FDACC6BB4F37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{FFAE9D89-D9A7-446F-A521-CDF58D8D9B81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"TCP Query User{19FFD451-13B5-4FA2-B475-8E56BB51AD45}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 

"TCP Query User{34BA8E84-F19A-425D-A37D-37EFEEE86C92}C:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe | 

"TCP Query User{C55E5B0E-A73B-4726-8265-D461E0E7EBBE}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 

"TCP Query User{CADAA3EA-462C-40F7-B63A-D9C8163DA88E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 

"TCP Query User{F6646E6E-B40D-46CB-83F4-BF8389FFF0FC}C:\users\veronica\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\veronica\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 

"UDP Query User{03598279-A77B-48E7-94AC-6F1639AC174C}C:\users\veronica\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\veronica\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 

"UDP Query User{18390BFA-0C1B-49DE-9303-FAA424B354BA}C:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mp3 skype recorder\mp3 skype recorder.exe | 

"UDP Query User{5F7392F5-355B-4BCA-80D0-C3D3ACF0A026}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 

"UDP Query User{7494D6E8-0641-4843-B767-4C2D19468A47}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 

"UDP Query User{FAB2C2A7-BDF6-46B3-A29C-C00E4B029104}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1C8E38DC-AD7F-3EE3-01A8-EDCD37B8646F}" = ccc-utility64

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver

"{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9F965DAA-2FFD-41E3-8125-893BFBBE01D6}" = AdAwareUpdater

"{9F965DAA-2FFD-41E3-8125-893BFBBE01D6}_AdAwareUpdater" = Ad-Aware Antivirus

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BB6E5AA0-BBE9-4009-B94E-2801F2D67DD7}" = AdAwareInstaller

"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim

"{CC347FC6-C8D7-493A-B70E-1D89E22691A7}" = AntimalwareEngine

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP

"CPUID HWMonitor_is1" = CPUID HWMonitor 1.25

"EPSON Printer and Utilities" = EPSON Printer Software

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"WhoCrashed_is1" = WhoCrashed 5.01

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{07731480-9925-4E0B-180A-79DABFE1C5F6}" = CCC Help English

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E35BFAF-A40C-CF70-5F80-C9820E054FA7}" = Catalyst Control Center HydraVision Full

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{1234C1F4-603F-4C34-8796-3544CF8A83F5}" = Facebook Messenger 2.1.4631.0

"{13105BEE-D0F3-E613-BF57-568AD866D42C}" = Catalyst Control Center Graphics Previews Common

"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.5

"{17068829-10EE-4581-BDC8-C53C483694A3}" = Smart Copy

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34D6EED8-7650-4E1C-BC26-F5B2DDE185C6}" = OverDrive Media Console

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7E02E0E7-1D63-9437-142C-144B5C4367D3}" = Catalyst Control Center Graphics Light

"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web

"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)

"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)

"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_WebDesigner_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007

"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007

"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_WebDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9623CC51-112F-DD12-0CBB-7239752F0D08}" = Skins

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D0682C2-32F1-9073-02BA-AE05DFF2E934}" = ccc-core-static

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)

"{AD3891EA-5731-4AEA-8B9D-D9AE5F92542A}" = HP Print Diagnostic Utility

"{B1836D00-BA15-DC8F-C428-171B9B870851}" = HydraVision

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin

"{C3BBCFEC-E924-4207-B1C3-9064D13A388B}" = ebgcRes

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1DF4A53-B841-C83F-8F3F-2B61D200E614}" = Catalyst Control Center Graphics Full New

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC14BD52-73EB-E17A-26F3-E8CA419A437C}" = Catalyst Control Center Graphics Previews Vista

"{F02C931A-24C7-9255-D300-37DB83BBCDD1}" = Catalyst Control Center Graphics Full Existing

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F9A90D58-F71B-55B9-30A5-ECD21BBE5C61}" = Catalyst Control Center Core Implementation

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding

"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" =  Sansa Media Converter

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"BeadTool 4_is1" = BeadTool 4.4.22

"Cake Mania" = Cake Mania

"Comodo Dragon" = Comodo Dragon

"Digital Editions" = Adobe Digital Editions

"DivX Setup" = DivX Setup

"DMX5_is1" = DriverMax 7

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"HDD Thermometer" = HDD Thermometer

"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial

"InterActual Player" = InterActual Player

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.1 (Full)

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012

"Money2007b" = Microsoft Money Essentials

"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NirSoft BlueScreenView" = NirSoft BlueScreenView

"PRJPRO" = Microsoft Office Project Professional 2007

"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2

"SpeedFan" = SpeedFan (remove only)

"VISPRO" = Microsoft Office Visio Professional 2007

"WavePad" = WavePad Sound Editor

"WebDesigner" = Microsoft Expression Web

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"8a221556f1ed7894" = Amplify

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 7/13/2014 8:14:50 PM | Computer Name = Veronica-PC | Source = Windows Backup | ID = 4104

Description = 

 

Error - 7/13/2014 10:13:54 PM | Computer Name = Veronica-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 7/14/2014 7:17:02 PM | Computer Name = Veronica-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 7/14/2014 7:19:37 PM | Computer Name = Veronica-PC | Source = MsiInstaller | ID = 1013

Description = 

 

Error - 7/15/2014 12:24:23 AM | Computer Name = Veronica-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 7/15/2014 12:27:14 AM | Computer Name = Veronica-PC | Source = MsiInstaller | ID = 1013

Description = 

 

Error - 7/15/2014 5:09:01 AM | Computer Name = Veronica-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 7/15/2014 5:11:53 AM | Computer Name = Veronica-PC | Source = MsiInstaller | ID = 1013

Description = 

 

Error - 7/15/2014 10:30:30 AM | Computer Name = Veronica-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 7/15/2014 10:13:08 PM | Computer Name = Veronica-PC | Source = Chrome | ID = 1

Description = 

 

[ OSession Events ]

Error - 9/5/2008 5:25:44 PM | Computer Name = Veronica-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 91806

 seconds with 4620 seconds of active time.  This session ended with a crash.

 

Error - 9/7/2008 11:43:13 PM | Computer Name = Veronica-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 195432

 seconds with 4500 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 7/14/2014 7:17:04 PM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 7/14/2014 7:17:17 PM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 7/15/2014 12:24:34 AM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 7/15/2014 12:24:34 AM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 7/15/2014 12:24:34 AM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 7/15/2014 12:27:14 AM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 7/15/2014 5:09:01 AM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 7/15/2014 5:09:01 AM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 7/15/2014 5:09:01 AM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 7/15/2014 5:09:40 AM | Computer Name = Veronica-PC | Source = Service Control Manager | ID = 7011

Description = 

 

 

< End of report >

 

 

Okay, I tried ran sfc /scannow and it says there is a system repair pending a reboot.

 

 

I have a PC with AMD 64 bit operating system using Windows Vista. It is a Gateway AMD Phenom 9100e Quad Core Processor.  One of the HDs is a Seagate and the other I'm not sure.  I would have to turn off the computer and pull them out.  I know that one of them used to be the main HD in my original PC.  I'm thinking it had 400GB and the other one might have had 400GB as well.  Motherboard is AMD 780G.  When I restart, I'll see if I can tell without having to take them out.

[periwinkle]

I ran the scan the scf /scannow and the Window Resource Protection found corrupt files but was unable to repair some of them.  The CBS log (which it referred me to) follows:  

 

Well, I keep trying to post the log, but I'm having that same problem I had several days ago that I cannot paste the contents of the logs and it locks up my tabs and the browser (Chrome) stops responding.  I think this problem is somehow tied to the iesearch, because I get messages that it's trying to do an outbound search and is blocked by MalwareBytes EVERY SINGLE TIME I try to copy the log!!!  I'll try with a different browser, but as I recall, it blocked all the attempts on ANY browser.

 

I have tried to remove the iesearch using this method and I believe it worked when I did it before http://www.securitys...h-hijacker.html

 

I have restarted the computer at least 2 times, and this problem of not being able to paste logs or anything in Chrome persists.

Edited by periwinkle, 16 July 2014 - 02:33 AM.

[periwinkle]

I think that this iesearch might be related to the conduit crap I had on my computer that AdAware found.  However, I just looked in my quarantined files and there was a list of about 7 items.  NOW THEY ARE GONE!  I did restore the computer because it would not boot.  But this iesearch has been super resistant since the restoring of the computer on 7-14-14.   I'm fairly certain it was gone for a few days as MalwareBytes did not tell me of an outbound search even once for 2 1/2 days (and I checked the logs as well), then I started having the powering off yesterday.

 

Note:  the quarantined items might have been in Malwarebytes, not in AdAware.  Again, it's late and I'm tired.

 

This iesearch thing is nasty.  Every time I open up geekstogo or try to post the log into the forum, I get two notices from Malwarebytes that it has stopped www.iesearch.com from doing something outbound.

 

I have tried restarting at least 3 times.  I tried pasting the CBS content in Chrome, Firefox and Internet Explorer.  Every one of the browsers stops responding!  Then MalwareBytes shows me a notice saying the outbound search by www.iesearch.com was blocked.   The notice occurs as soon as I start typing to post something in Geekstogo.com!  I attached the CBS log to an email to myself to try to copy & paste it from another computer.  It says the file is 18.5MB.  This seems exceedingly large.  I could just try posting part of it.

Edited by periwinkle, 16 July 2014 - 03:29 AM.