Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

internet videos hog 100 percent cpu, overall sluggish system, malware.

sweetpacks fake java

  • This topic is locked This topic is locked

#1
jp550

jp550

    Member

  • Member
  • PipPip
  • 30 posts

Hey guys long time no see but glad to be back in the company of yee valiant internet heroes.  I have some malware to smite.

 

So as of late my internet has been incredibly sluggish.  A few months ago I got the sweetpacks spyware but I believe I deleted it successfully.  Several days ago I was on legit forum and was redirected to a site asking me to download java or something like that but it seemed phishy to me...so that could be a symptom. 

 

Only other symptom I have recently got was a warning that said my ip was in use by another pc.  Sketchy but could just be my roommate and our funky router.

 

Heres the otl log.  And thanks again guys you are all awesome for doing this.

 

OTL logfile created on: 7/22/2014 4:27:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jake\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.95 Gb Total Physical Memory | 3.65 Gb Available Physical Memory | 61.34% Memory free
10.98 Gb Paging File | 7.43 Gb Available in Paging File | 67.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.98 Gb Total Space | 6.73 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive D: | 17.36 Gb Total Space | 0.70 Gb Free Space | 4.01% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.74 Mb Free Space | 85.71% Space Free | Partition Type: FAT32
Drive G: | 29.91 Gb Total Space | 13.69 Gb Free Space | 45.76% Space Free | Partition Type: FAT32
Drive H: | 2794.51 Gb Total Space | 1702.56 Gb Free Space | 60.93% Space Free | Partition Type: NTFS
 
Computer Name: JAKE-HP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/22 16:26:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Downloads\OTL.exe
PRC - [2014/06/21 22:09:20 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/05/26 13:57:30 | 002,688,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/05/26 05:48:00 | 000,419,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/05/23 02:10:16 | 005,341,856 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/21 08:14:14 | 000,954,072 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Premiere Pro CC\32\Adobe QT32 Server.exe
PRC - [2014/03/21 08:14:14 | 000,586,968 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Premiere Pro CC\32\dynamiclinkmanager.exe
PRC - [2014/03/13 14:46:36 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2014/02/27 22:12:22 | 000,893,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2014/02/19 06:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2013/12/26 10:02:30 | 001,039,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
PRC - [2013/04/04 23:19:48 | 000,566,568 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013/04/04 23:19:42 | 000,390,952 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/04/04 23:17:30 | 001,285,416 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2013/04/04 23:17:00 | 000,455,464 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
PRC - [2013/03/14 10:20:56 | 000,311,184 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011/10/12 23:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/07/31 14:20:39 | 000,215,128 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/07/09 12:46:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/22 11:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/03/14 11:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011/03/11 11:28:38 | 001,502,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/01/14 11:01:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/14 11:01:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/15 02:24:48 | 000,353,096 | ---- | M] () -- C:\Users\Jake\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 02:24:44 | 008,537,928 | ---- | M] () -- C:\Users\Jake\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 02:24:38 | 000,718,664 | ---- | M] () -- C:\Users\Jake\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 02:24:36 | 000,126,280 | ---- | M] () -- C:\Users\Jake\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 02:24:35 | 001,732,936 | ---- | M] () -- C:\Users\Jake\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/05/26 05:52:12 | 032,733,088 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2014/05/23 02:10:16 | 005,341,856 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/05/12 22:22:24 | 002,217,128 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\plugins\ExchangePlugin\ExManCoreLib\ExManZxpSign.dll
MOD - [2014/05/10 17:04:55 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ce74c08d7a2c79731101c137fe63bdd7\IAStorUtil.ni.dll
MOD - [2014/05/10 16:26:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d262e52fc1faf27e02aa8aff7b4f3feb\System.Runtime.Remoting.ni.dll
MOD - [2014/05/10 16:26:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\34622bb2d50249bc3cd1f9c6ed4809fe\System.Windows.Forms.ni.dll
MOD - [2014/05/10 16:26:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5f48e1efc500752ccdb802924c318384\System.Configuration.ni.dll
MOD - [2014/05/10 16:25:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\87f4cdcc55aa0f95bb4386614447e664\WindowsBase.ni.dll
MOD - [2014/05/10 11:05:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MOD - [2014/05/10 11:05:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2014/05/10 11:04:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2014/05/10 11:04:49 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2014/05/10 11:04:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2013/12/26 10:05:28 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
MOD - [2011/12/11 06:55:22 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/01 15:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 15:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/10 11:33:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/09 06:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2014/03/13 14:46:26 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe -- (NitroDriverReadSpool9)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/20 09:12:00 | 000,341,792 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2011/04/12 23:58:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/22 01:10:26 | 001,136,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/03/17 04:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/23 20:20:56 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/02/04 16:34:20 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/02/04 16:24:24 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/02/04 16:19:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/01/26 16:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/07/11 17:53:24 | 000,542,912 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/13 14:46:36 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 23:19:48 | 000,566,568 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/04/04 23:19:42 | 000,390,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/04/04 23:17:00 | 000,455,464 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2013/04/02 16:17:22 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/03/14 10:20:56 | 000,311,184 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/31 14:20:39 | 000,215,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/07/09 12:46:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/09 10:23:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/01/14 11:01:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/14 11:01:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/22 15:39:25 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/04/02 17:54:24 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/04/02 16:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/21 09:23:48 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012/01/04 16:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/10/31 16:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/04/30 00:44:04 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/26 11:04:24 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/04/26 11:04:22 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/04/26 11:04:20 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/04/13 01:50:28 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/12 23:17:16 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/07 17:22:12 | 000,029,800 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2011/03/25 19:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/03/22 01:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/03/22 01:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/03/17 04:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/09 12:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/26 16:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/26 16:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/24 02:24:50 | 000,053,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/01/24 02:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/01/24 01:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/24 03:43:40 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{54643B3A-3C64-4228-B076-13AFB5627ECD}: "URL" = http://search.condui...&ctid=CT1561552
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:3.6.2
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013/03/14 10:13:04 | 000,136,309 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/11 06:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 03:36:14 | 000,010,691 | ---- | M] ()
 
[2011/12/11 06:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Extensions
[2014/07/22 02:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions
[2012/09/19 20:30:15 | 000,000,000 | ---D | M] (Hotspot Shield Community Toolbar) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2012/09/19 20:30:14 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\[email protected]
[2014/07/22 02:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\staged
[2013/05/29 17:53:55 | 000,001,793 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\searchplugins\Bing.xml
[2013/06/02 21:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/27 20:34:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/21 09:34:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2013/06/02 21:26:09 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/11/20 21:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 18:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 18:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jake\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jake\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jake\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: HP Product Detection Plugin (Enabled) = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Disabled) = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\plugins/npAclmPlugin.dll
CHR - plugin: HP Pit Plugin (Disabled) = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\plugins/npPitPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\plugins/npIdfPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Nitro PDF plugin for Firefox and Chrome (Enabled) = C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll
CHR - plugin: Dragon NaturallySpeaking Rich Internet Application Support (Enabled) = C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\
CHR - Extension: Dictanote - Speech Recognizer = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk\8_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: Google Search = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Session Buddy = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.7_0\
CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll (Nuance Communications, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Football News] C:\Program Files (x86)\Football News App\Football News.exe /minimized File not found
O4 - HKCU..\Run: [googletalk] C:\Users\Jake\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - HKCU..\Run: [Microsoft] C:\Program Files (x86)\MSBuild\Microsoft\MSServices.lnk File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08BAE047-FCEB-45DE-96A9-2A5B861EF0BA}: DhcpNameServer = 10.42.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1781379F-4612-41F8-83B7-5B3A1039374F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1F06906-2EAA-4350-B92C-A7D238FCAF1E}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/23 21:02:32 | 000,000,037 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4c655056-bbb7-11e0-b0ee-88532e034fde}\Shell\AutoRun\command - "" = H:\fscommand\LS_Start_Launch.exe
O33 - MountPoints2\{4c655056-bbb7-11e0-b0ee-88532e034fde}\Shell\Launcher\command - "" = H:\Get_Started_with_LifeStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/22 02:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2014/07/13 17:56:31 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/13 17:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/13 17:55:47 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/13 17:55:46 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/13 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/24 13:24:25 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\i lift things up and put them down
[2014/06/24 13:15:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
[5 C:\Users\Jake\Documents\*.tmp files -> C:\Users\Jake\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jake\Desktop\*.tmp files -> C:\Users\Jake\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/22 16:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/22 15:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job
[2014/07/22 15:39:25 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/22 15:03:06 | 000,002,414 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome Canary.lnk
[2014/07/22 15:03:06 | 000,002,412 | ---- | M] () -- C:\Users\Jake\Desktop\Google Chrome Canary.lnk
[2014/07/22 14:35:50 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job
[2014/07/22 13:23:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/22 06:45:21 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job
[2014/07/22 02:27:04 | 000,007,621 | ---- | M] () -- C:\Users\Jake\AppData\Local\Resmon.ResmonCfg
[2014/07/22 00:26:05 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/22 00:26:05 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/22 00:26:05 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/21 23:35:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job
[2014/07/21 22:14:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/21 10:32:09 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/21 10:32:09 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/21 07:41:28 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/21 03:45:20 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJake.job
[2014/07/14 08:35:19 | 000,075,519 | ---- | M] () -- C:\Users\Jake\Desktop\timesheet 629-712.pdf
[2014/07/13 17:56:07 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/05 21:58:52 | 000,074,312 | ---- | M] () -- C:\Users\Jake\Desktop\bryani.jpg
[5 C:\Users\Jake\Documents\*.tmp files -> C:\Users\Jake\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jake\Desktop\*.tmp files -> C:\Users\Jake\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/14 08:34:12 | 000,075,519 | ---- | C] () -- C:\Users\Jake\Desktop\timesheet 629-712.pdf
[2014/07/13 17:56:07 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/05 21:58:51 | 000,074,312 | ---- | C] () -- C:\Users\Jake\Desktop\bryani.jpg
[2014/06/27 15:38:37 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJake.job
[2013/09/18 10:58:15 | 000,002,275 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\SAS7_000.DAT
[2011/12/20 14:04:24 | 000,003,382 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\art.png
[2011/10/29 11:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Jake\AppData\Local\{A547B8C0-8B8A-4ACB-9CF7-6438AFDF1905}
[2011/10/29 11:31:33 | 000,000,000 | ---- | C] () -- C:\Users\Jake\AppData\Local\{677F834C-5263-4E88-A155-AA7ADCD82139}
[2011/08/10 20:35:32 | 000,011,270 | ---- | C] () -- C:\Users\Jake\UserCustomPreset_Adobe Premiere Pro 2.0.vpr
[2011/07/20 22:59:47 | 000,000,028 | ---- | C] () -- C:\Users\Jake\Adobe Encore DVD_VUI.pref
[2011/07/09 13:00:54 | 000,007,621 | ---- | C] () -- C:\Users\Jake\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/10/03 09:03:34 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/02 16:34:00 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/09 10:46:13 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\DAEMON Tools Pro
[2014/04/04 15:44:06 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Downloaded Installations
[2014/07/22 00:23:12 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Dropbox
[2014/07/22 00:23:10 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\DropboxMaster
[2011/07/27 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\FlashGet
[2013/09/18 10:20:59 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\GetRightToGo
[2013/06/02 21:26:06 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Hotspot Shield
[2011/07/08 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\IDT
[2013/06/25 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Leadertech
[2011/07/08 14:41:00 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient
[2014/04/04 15:45:55 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Nitro
[2014/07/14 08:34:08 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Nitro PDF
[2013/09/18 10:40:27 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Nuance
[2011/07/29 12:35:24 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Origin
[2012/07/26 14:51:25 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Pixmantec
[2012/08/21 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\redsn0w
[2013/07/09 13:25:35 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Riot Games
[2011/09/21 06:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Similarity
[2011/07/07 21:16:54 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Synaptics
[2011/07/29 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\SystemRequirementsLab
[2011/09/02 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 256 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 250 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3E771A67
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C3306E71
 
< End of report >

Edited by jp550, 22 July 2014 - 06:10 PM.

  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi jp550

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
Let's get started....

Sorry about some of the above; as a returning member of the forum, I'm sure you have been made aware of some of these conditions before. But it is always best to get things moving in the right direction from the start.

On that note, OTL should have made an additional log named Extra.txt . Can you copy and paste that one in your next post?

Also, does the video slowdown / hogging of the CPU happen in a particular browser or when you play mpeg / avi / etc. files on your system or ????
  • 0

#3
jp550

jp550

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Let's get started....

Sorry about some of the above; as a returning member of the forum, I'm sure you have been made aware of some of these conditions before. But it is always best to get things moving in the right direction from the start.

 

On that note, OTL should have made an additional log named Extra.txt . Can you copy and paste that one in your next post?

Also, does the video slowdown / hogging of the CPU happen in a particular browser or when you play mpeg / avi / etc. files on your system or ????

 

 

Hi dbreeze, 

 

Thanks for helping me out.  Found the Extra.txt file which i'll post below.  The video slow down happens in both firefox and chrome  and comes in bursts...that is, while the slow down doesn't happen 100 percent of the time, when it does happen its unrelenting and slows down my whole pc until I close the browser.  Offline media definitely doesn't seem to lag as much but I think my entire pc has been generally slower as of late.  But yeah, to answer your question its an issue with web browsing.

 

Here's the log.

OTL Extras logfile created on: 7/22/2014 4:27:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jake\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.95 Gb Total Physical Memory | 3.65 Gb Available Physical Memory | 61.34% Memory free
10.98 Gb Paging File | 7.43 Gb Available in Paging File | 67.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.98 Gb Total Space | 6.73 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive D: | 17.36 Gb Total Space | 0.70 Gb Free Space | 4.01% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.74 Mb Free Space | 85.71% Space Free | Partition Type: FAT32
Drive G: | 29.91 Gb Total Space | 13.69 Gb Free Space | 45.76% Space Free | Partition Type: FAT32
Drive H: | 2794.51 Gb Total Space | 1702.56 Gb Free Space | 60.93% Space Free | Partition Type: NTFS
 
Computer Name: JAKE-HP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.LFFZBTLGT5VC3P6RIOSNM5CJ34] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0054FA9A-5463-4549-82E9-19B0707CC27F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{083F3C29-8B16-43F3-BD14-3B854107A1AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1012B2A9-9432-4101-BD1A-A484D5F5ABBC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1FE6C373-2D6F-4A99-B97A-514CB501E1B2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2DEA4854-CDFF-4268-87BC-B69A4964C7C2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{467508E9-12A8-4FBD-B940-0806069DA447}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{5F5CC1E2-DE23-4C84-ADAD-C83CB8215F7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{62D29A0E-E1B4-44FB-89FF-6330C1ADE714}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6612B164-C1E1-4E7C-B5ED-F3DA8FCFCDC5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{68F0E9E0-4F35-45B5-80D2-C1E1E0FB7888}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{692112EC-860A-42F2-9225-1ED1E7570CB0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6E6AB275-9449-48DD-A5D3-F3DF69660A89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{700EBEB2-A2AC-4CB7-B659-EB7F19793835}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8DDA6A88-68ED-4162-8486-8277DBB8B964}" = rport=139 | protocol=6 | dir=out | app=system | 
"{92A74957-4C22-4B59-9298-D4B26E136E66}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A59E9435-FFA1-43C5-A3BF-0D70BBA4FBDC}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{A9129F18-A8CD-4E80-8681-64A2782B7EE9}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{AC50C54D-9394-463B-9436-4EC54A0F88DF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AFCCF293-D6DD-40E7-BB1E-B2F538ED143A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7CD8625-1DB8-440B-95B2-5E6A0AD1EACC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CA891F4B-10A7-4362-8960-96C46689A0FC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{CBA527E2-40BC-4A29-9BB8-C11B3C87F439}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E282D9C2-099A-4417-8B2A-9C785F00DA9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4C2AAF6-58F2-4E97-81C7-947B42F3DA73}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E515A883-E891-494D-8D36-9DDC4623ECE7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FB302D8C-F4DE-4D65-BACD-75C2A484CD33}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FBBABF-B841-4ABE-AAB5-C4129A6BE86D}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{035B1612-8B31-4F7A-869A-4F3D919B3995}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{089B9863-0D9A-42AA-BBF4-9BDA853A3CC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0DAFDA73-72C8-4182-9BA9-4C843C7976C0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0DD3D469-E86C-4012-999D-E1EA52D86D88}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{0E1D6CDC-F7D0-42CE-9C8B-A214B1A99913}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{122A3EEB-C842-49DD-9CAE-A581A2F460DF}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{13B23773-DDEC-4658-9A23-A65411F0BCE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{13CB9D69-610A-441B-AE18-F6AECF9ED956}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{14C83A9E-6095-413B-94E5-736678DDD88E}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{18F2FF1F-121F-46CA-9F2E-CFBBCFADEC5A}" = protocol=6 | dir=out | app=system | 
"{191B83E0-97ED-4B73-B41E-2F916BDFB70D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{19A2EA35-2B07-48F8-A85D-EED45E1D76FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F726E13-0F51-43EC-9079-F6263F3BE05F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2187B365-23A6-4B37-9463-788A4C4363CA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2200EDCE-5D66-4FEB-B139-1BD5D0F509EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{226B6D8B-5042-4995-96CE-C0A7012ADC22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{237925F9-344A-44F6-AA01-1B88D948BB00}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{23F6ED1B-F3CB-49D8-9351-D31A2A3D6216}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{24037B09-B436-4485-AC3B-AE54B68EC7C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{261F0706-C6E8-4521-B2BF-6F54CA66F352}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{2655DCC2-0651-4AF9-A627-E2C431309D6E}" = protocol=1 | dir=in | [email protected],-28543 | 
"{27088558-575C-4F42-930E-BEC432CD8225}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{298C6754-0088-441F-89C5-B6B0D435180A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{3032B14C-E4E5-431E-88F4-8AA6F933BE30}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{31A408FD-709B-4D78-8E84-1054548CCEED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{32CE3469-9A0D-4B6D-B83C-48DD67B50237}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{32D7E259-301D-4211-AAB9-4D1929123346}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{33F572BD-89FC-4978-BE5D-426B95B770F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{35F49276-6D85-4E0E-A017-3B6B4022E4FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{36375CC7-09C8-4CBD-933B-B5468D1AF99E}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{36A585F9-F085-41EF-9131-A4C2A28A5F54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{37A81D45-72F5-4EA9-B40B-8F6A1808DF7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{38259EA5-CF64-4D9A-99B1-9923884942B8}" = protocol=17 | dir=in | app=c:\users\jake\appdata\roaming\dropbox\bin\dropbox.exe | 
"{385B266D-079F-4FF7-84C9-EB7C68CC1D1E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3A0D3424-5C3E-4AB3-B097-12504EF143B8}" = dir=in | app=c:\users\jake\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{3AB76B18-9407-4D3E-9B5E-C0EFA9559223}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 alpha trial\bf3.exe | 
"{3FEA7D1A-B168-4187-909B-E3D5EEDA4B0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{418EA750-F672-4C0F-B995-68D8373A4CEE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{419A65C7-C92F-4B13-ACF3-B0C4164DB245}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{41D92FE7-BF4F-4BD8-AAFB-8ED5E7CAD579}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{443DB1AA-5043-42C1-9ECF-E0F4A1C601A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{44972576-8E4E-42DE-90B9-634D967A7155}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4603217F-FA7D-4895-BB03-0CAB96AC42AE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A24E2D2-3179-4886-9543-197C591A6AB0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{4CE6A85F-A204-40DC-A6E4-B20703B3F44C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50A400C1-E3C0-4343-B5E3-A38374A22DA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{515828B8-DD57-4102-8AF7-6D8AB2FBD7AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{53DF5E80-6882-4499-BFC3-190DD6201997}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{54DFCE6A-D028-4F94-9DAA-78719DDB4564}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{597F2FE9-2DAE-4D06-8AFD-1584B5F2BD77}" = protocol=6 | dir=in | app=c:\users\jake\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5E14B409-2286-4665-B2CF-41C14F4CD285}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{639E2A31-D405-4528-976D-7B41ABA1BE98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{67FAADF0-9859-46CF-9FB3-B901DF8AD6A7}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{714F2D64-6441-452A-A20C-10387A8F14D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{71E40918-35B0-42BC-A879-A4D21905AA7E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{720EE828-FE80-4005-9D30-DEE869F9E9AD}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{7372B122-7940-4BE0-8D4F-76CB207062F5}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{775383BF-2EF5-4BEB-AAAA-B08C9ED5D3E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77AFD7C2-8353-44DD-A147-839631E57A9E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{79236CF6-6663-4170-BED8-4DD960F0859E}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe | 
"{7BA1346F-DEE0-4A15-A19C-5A0C609EF3BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{832FD206-AB69-4C03-9D4C-332FF0AA43ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{86DAB985-15EF-4474-9310-07147D4962AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{893CC9E2-3B45-4FD6-8E06-C6A57C433953}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{89B961D2-D2D6-4ADD-B158-3A9093ABABAD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{8AA94D97-23EC-4476-A1AB-9FD905CE60EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8D894F94-C35C-40D2-B04F-FFBE44931DE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{8F67FFB9-A94D-48D0-AE0E-7039271FF1BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{9484FCA1-62A4-47E4-AE37-E128BAFC9783}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9AD2BE2B-6A40-4489-92A0-539A2E83114B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{9C739EDF-B304-4BBC-8211-4DDE33723639}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{9E2F0021-51A5-4620-9B5F-64737D5CAB38}" = protocol=17 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe | 
"{A014432A-0B57-4F7C-B620-E885D05CDBC5}" = protocol=1 | dir=out | [email protected],-28544 | 
"{A37678D4-79CE-488F-AAEE-80020B96B03C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{A8D40A92-1376-4BCA-B015-DCD6EFA330A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{AAA0CD66-A257-4309-BD60-375C81470624}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{AE1349EA-42F7-40F4-9F2B-052E0CF702B2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AE4EB5D6-165E-4EB6-9D64-E685D13ED5BB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AF84DD64-49B8-4053-B369-403DB0D6E22E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B0611F3F-B2AF-405E-906A-BCF606B9B813}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{B40F2837-ED1F-425C-B462-72180357D71A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B6043E10-BF07-40AD-808B-805F5B0D77FC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BB45A221-4B40-4547-826A-9FB588F6EE0E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 alpha trial\bf3.exe | 
"{BD22035E-1EAA-4A19-821D-95EC5E6B4A87}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{C375E107-5D3D-41E3-9BE1-3AC268905F00}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{C4A4BAB0-A8A2-4B3D-B0CD-E6F16101297A}" = protocol=6 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe | 
"{C9470B78-7388-4854-B083-FD39F3791F2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{CCA52DB3-3708-4400-AA91-BE2674F6C42D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{D14050FB-80BB-46F5-ACD4-95FE7748FA9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{DDFB8658-7229-4221-9C5A-5B2B69301614}" = protocol=58 | dir=in | [email protected],-28545 | 
"{DE001E19-E937-419C-8AC9-1582D5A0BABD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{DE35A246-565A-48C1-8965-4FA81AA3791F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{DF4E6A5E-2803-476F-8CAC-6F5066B69F16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{E0188211-1EBE-4FAC-807B-A03BDAAE1C3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E07643AA-D004-4B5F-BF8D-D475B69ACC29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{E3F6B879-F7CE-431D-883C-F5D9208F0D00}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E5763E9C-1125-47E9-B5E4-1248083BDA19}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EACB5DE1-C71C-4A7E-BBFB-D630D52D4DBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{EE5439F9-CB3D-40AE-9152-D6FAADD948B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EFC822CC-E639-4FCE-BDD9-45130563B44F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F98AB849-0351-4370-8799-F3387EE2D8E6}" = protocol=58 | dir=out | [email protected],-28546 | 
"{FA2BE688-C9F5-4D12-AFF5-8DF8D4F2D9FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{FA7341D6-753F-4B40-9283-C37A5F18313B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FCC13BD2-ED37-4CDE-BA99-649715B79290}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{1BD42C19-58D2-4431-8D5E-4F235D8B333B}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"TCP Query User{3E0260A9-5FFE-4334-B698-816553F66E47}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ps3 media server\jre64\bin\javaw.exe | 
"TCP Query User{CDB93299-4D2D-4324-A744-5CAA5958FAAB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{F7E75C61-59A3-4C62-B8DA-4852C733F599}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"TCP Query User{FBC4E2ED-50C5-4FC4-A8C9-8E55FCDB37DD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{112CD758-5644-4ABD-BD83-11AD583E7638}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"UDP Query User{1FEDB26D-43B4-4859-900F-4FDA4CAB9402}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{64057518-D08F-4A0A-A67B-32201D655E59}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"UDP Query User{CE55407E-5EEB-479D-A91C-66EBE008B2A5}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ps3 media server\jre64\bin\javaw.exe | 
"UDP Query User{E6C42679-20B4-4A42-BF02-9B9FD88CFAC2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0128D231-B23B-409C-A531-39D8D8774BA1}" = HP 3D DriveGuard
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1179B5C1-663C-43EC-A97A-3942D5F6A7DE}" = Nitro Pro 7
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{37D0157F-45C6-4DB2-9AE5-489DD98CE169}" = iTunes
"{574634E2-87F7-1DC7-082B-483C41E4989E}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DD1C9AC-06C1-ADE7-EEA6-A8189C1CE12C}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel® PROSet/Wireless WiFi Software
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81478D19-5EF8-41D2-BBFE-CCC97EF95547}" = Nitro Pro 9
"{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 beta 4 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0296D4D2-DA68-2DFD-5AC1-6FB04354A86E}" = PX Profile Update
"{03703CBB-563D-45CE-8B35-CB04CAB258BE}" = Intel® WiDi
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0635AEC4-0E4E-4641-9CD0-07D98428EA5A}" = Intel Digital Logo
"{06a2bb12-aa54-4fc8-8a80-785b545238ce}" = Nitro Pro 9
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{085128A1-6ECE-5F41-AEFB-AA00C03DE2B2}" = CCC Help Chinese Traditional
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BD0A7E9-7768-8657-2FF3-9D2658900C61}" = Catalyst Control Center InstallProxy
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A780209-2A41-4C75-932A-F6F0390D430A}" = Adobe Photoshop CS2 Functional Content
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{317243C1-6580-4F43-AED7-37D4438C3DD5}" = Adobe After Effects CC
"{32878DE0-C562-75B4-3AC1-AEDD4BF6C47F}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{396B5D0E-B9E1-D76F-E193-9DFC69459256}" = CCC Help Chinese Standard
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = BF3 Alpha Trial
"{46388DD0-FB3A-E069-4DAE-8373C3D2E4DE}" = CCC Help English
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}" = Adobe Premiere Pro CC
"{51C48A1E-F21B-7915-B29C-0277024A1523}" = Catalyst Control Center Profiles Mobile
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55F06C3E-27F5-E882-8BAE-C5746C4EF0D6}" = CCC Help Korean
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" = Adobe Premiere Pro FC
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BFFED41-02E0-1650-9ABB-EFCE60AECADB}" = CCC Help Thai
"{62014E49-BCD9-89B6-F23C-2D14A1011202}" = CCC Help Russian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A63618B-F966-F8A1-9BAF-6389F14BAA72}" = CCC Help Polish
"{6C302296-6129-4125-9FD6-2188ECD8814E}" = HP Software Framework
"{6C5ACD74-A9A1-594E-34FB-5A715AFAC603}" = CCC Help French
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{713AF5DD-6405-11E5-1617-CD92AA9AC11C}" = CCC Help Hungarian
"{7270C835-15DB-4236-B235-DD6B2EBBD4BA}" = HP CoolSense
"{7339E7E7-FB6A-46EC-8303-D31E655EF617}" = Toddler Keys
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7A948E96-26F9-4FC6-3E41-E1F2A1A919A3}" = CCC Help Dutch
"{7CB446BD-7D60-B512-99AB-B7DF270635A0}" = CCC Help Spanish
"{7FFA687E-7766-5828-6178-7C3DBD3055EB}" = CCC Help Swedish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8EBC366D-A2C4-F58D-259F-2526BA363D01}" = CCC Help Turkish
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FADDF24-A5D5-484E-85E0-2061CAB5175B}" = Similarity 1.6.2
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9410A0FF-6600-5AEB-9E2E-9676C2D67F02}" = CCC Help Japanese
"{9478177E-2EC7-0ADC-BA45-A689D0469361}" = CCC Help German
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{998AD896-5B25-466D-8D56-CC0CC9228A68}" = Adobe Audition 2.0 Loopology Content
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4A1589-BA95-4BE6-43F6-253685B699AB}" = Catalyst Control Center Localization All
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A82F706D-6456-4E76-A037-4A00C4F0259D}" = HP Documentation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}" = Adobe Production Studio
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{ACAA0152-96A4-4D93-92F5-1B4728C3D984}" = HP Product Detection
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2C45229-65A0-4738-B9CB-C5A41634FBB1}" = 2d3 SteadyMove for Adobe Premiere Pro 2.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3B7836C-A1AD-4A56-811C-C18ABDE5EAAD}" = Adobe Video Suite Extras
"{B5E692A5-BC19-6C21-0F4C-53AE1530A238}" = Catalyst Control Center Graphics Previews Common
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6E4856C-6441-75D2-E10F-D20A54229245}" = CCC Help Finnish
"{B727C693-3630-374E-ECD3-FB4F8E57FFD8}" = Catalyst Control Center
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{B916AABC-0072-2E97-205F-221B38E073EF}" = CCC Help Czech
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BF530C5C-0171-6C11-866C-FC8DC7771DB9}" = CCC Help Portuguese
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2B96A74-2098-494E-2AC4-D3629DA90D8A}" = CCC Help Greek
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44322E1-D6B0-5BDE-346D-77E55CF7B191}" = CCC Help Italian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}" = Adobe Audition CC
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED23DD3D-8BAF-D21A-7958-91363E575B15}" = CCC Help Norwegian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F2321021-08A2-44D6-B1DF-BDB415F23EC3}" = Adobe Illustrator CC
"{F6F6C08A-ED6F-4968-8292-A08E9F02584F}" = Adobe Encore DVD FC
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AudibleDownloadManager" = Audible Download Manager
"AVS Image Converter_is1" = AVS Image Converter 2.2.1.209
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanUp!" = CleanUp!
"Color Finesse" = Color Finesse
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar" = ESN Sonar
"FlashGet" = FlashGet 1.9.6.1073
"Hotspot_Shield Toolbar" = Hotspot Shield Toolbar
"HotspotShield" = Hotspot Shield 2.90
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Keylight 1.1v1 for After Effects_is1" = Keylight 1.1v1 for After Effects 7.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Origin" = Origin
"PremElem90" = Adobe Premiere Elements 9
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"RawShooter essentials 2006" = RawShooter essentials 2006
"Replay Music4.40B" = Replay Music
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SpeedFan" = SpeedFan (remove only)
"Steam App 205790" = Dota 2 Test
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Google Chrome SxS" = Google Chrome Canary
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/22/2014 4:23:50 PM | Computer Name = Jake-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18105398
 
Error - 7/22/2014 4:23:51 PM | Computer Name = Jake-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/22/2014 4:23:51 PM | Computer Name = Jake-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18106397
 
Error - 7/22/2014 4:23:51 PM | Computer Name = Jake-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18106397
 
Error - 7/22/2014 4:23:52 PM | Computer Name = Jake-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 7/22/2014 4:23:52 PM | Computer Name = Jake-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18107411
 
Error - 7/22/2014 4:23:52 PM | Computer Name = Jake-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18107411
 
Error - 7/22/2014 4:23:58 PM | Computer Name = Jake-HP | Source = Google Update | ID = 20
Description = 
 
Error - 7/22/2014 5:35:45 PM | Computer Name = Jake-HP | Source = Google Update | ID = 20
Description = 
 
Error - 7/22/2014 5:45:05 PM | Computer Name = Jake-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Adobe Premiere Pro.exe, version: 7.2.2.33,
 time stamp: 0x532c3999  Faulting module name: MSVCR100.dll, version: 10.0.30319.1,
 time stamp: 0x4ba220dc  Exception code: 0x40000015  Fault offset: 0x00000000000760d9
Faulting
 process id: 0x1d20  Faulting application start time: 0x01cfa59b49a1070f  Faulting application
 path: C:\Program Files\Adobe\Adobe Premiere Pro CC\Adobe Premiere Pro.exe  Faulting
 module path: C:\Program Files\Adobe\Adobe Premiere Pro CC\MSVCR100.dll  Report Id:
 70c7345b-11e9-11e4-b568-88532e034fde
 
[ Hewlett-Packard Events ]
Error - 11/7/2012 11:50:30 AM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/9/2012 2:23:51 PM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/16/2012 2:55:15 PM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The server did not provide a meaningful
 reply; this might be caused by a contract mismatch, a premature session shutdown
 or an internal server error.  StackTrace:  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
 
   at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: mscorlib
 
Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 6091  Ram Utilization: 50  TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage)  
 
Error - 11/26/2012 4:10:42 AM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/6/2013 2:27:36 AM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/6/2013 2:29:23 AM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/6/2013 2:30:08 AM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/7/2013 1:23:18 PM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 3/15/2013 1:47:30 PM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 3/15/2013 1:47:30 PM | Computer Name = Jake-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ Media Center Events ]
Error - 8/16/2011 1:15:58 PM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 10:15:58 AM - Error connecting to the internet.  10:15:58 AM -     Unable
 to contact server..  
 
Error - 8/16/2011 1:16:03 PM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 10:16:03 AM - Error connecting to the internet.  10:16:03 AM -     Unable
 to contact server..  
 
Error - 8/17/2011 1:47:23 PM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 10:47:23 AM - Error connecting to the internet.  10:47:23 AM -     Unable
 to contact server..  
 
Error - 8/17/2011 1:47:33 PM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 10:47:29 AM - Error connecting to the internet.  10:47:29 AM -     Unable
 to contact server..  
 
Error - 9/2/2011 2:52:12 PM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 11:52:12 AM - Error connecting to the internet.  11:52:12 AM -     Unable
 to contact server..  
 
Error - 9/2/2011 2:52:21 PM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 11:52:17 AM - Error connecting to the internet.  11:52:17 AM -     Unable
 to contact server..  
 
Error - 9/17/2011 8:40:20 AM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 5:40:20 AM - Failed to retrieve Broadband (Error: The operation has
 timed out)  
 
Error - 9/17/2011 9:41:07 AM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 6:41:05 AM - Error connecting to the internet.  6:41:05 AM -     Unable
 to contact server..  
 
Error - 9/19/2011 6:43:54 AM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 3:43:54 AM - Failed to retrieve NetTV (Error: Unable to connect to
 the remote server)  
 
Error - 9/19/2011 6:44:15 AM | Computer Name = Jake-HP | Source = MCUpdate | ID = 0
Description = 3:44:15 AM - Failed to retrieve MCESpotlight (Error: Unable to connect
 to the remote server)  
 
[ OSession Events ]
Error - 9/21/2013 12:57:59 AM | Computer Name = Jake-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 212053
 seconds with 58560 seconds of active time.  This session ended with a crash.
 
Error - 9/22/2013 11:33:21 PM | Computer Name = Jake-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 167705
 seconds with 29160 seconds of active time.  This session ended with a crash.
 
Error - 10/15/2013 4:24:48 PM | Computer Name = Jake-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1961470
 seconds with 101880 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 7/17/2014 12:44:45 AM | Computer Name = Jake-HP | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 0.0.0.0 with
 the system  having network hardware address 00-00-00-00-00-00. Network operations
 on this system may  be disrupted as a result.
 
Error - 7/17/2014 2:33:18 AM | Computer Name = Jake-HP | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
 on volume C:.
 
Error - 7/18/2014 3:04:12 AM | Computer Name = Jake-HP | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
 on volume C:.
 
Error - 7/18/2014 8:54:58 PM | Computer Name = Jake-HP | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
 on volume C:.
 
Error - 7/19/2014 3:17:32 AM | Computer Name = Jake-HP | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
 on volume C:.
 
Error - 7/21/2014 4:02:26 AM | Computer Name = Jake-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:01:17 AM on ?7/?21/?2014 was unexpected.
 
Error - 7/21/2014 10:41:35 AM | Computer Name = Jake-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:39:18 AM on ?7/?21/?2014 was unexpected.
 
Error - 7/22/2014 4:53:56 AM | Computer Name = Jake-HP | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
 on volume C:.
 
Error - 7/22/2014 5:10:45 AM | Computer Name = Jake-HP | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 7/22/2014 6:48:43 AM | Computer Name = Jake-HP | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
 on volume C:.
 
 
< End of report >

  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hey, jp550.  Thanks for the log.  I'm going over both of them now and will have to have my findings verified so it may be hours before I get back to you but I will return.

 

One question (because I know this will come up) on Hotspot Shield; is this a necessary application for you?  I just ask as it looks like the application is fine but the vendor is "paying" for it by allowing Conduit to be installed (or at least, that is the way it appears right now; I will verify that before I ask you to do anything at all).


  • 0

#5
jp550

jp550

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

One question (because I know this will come up) on Hotspot Shield; is this a necessary application for you?  I just ask as it looks like the application is fine but the vendor is "paying" for it by allowing Conduit to be installed (or at least, that is the way it appears right now; I will verify that before I ask you to do anything at all).

 

Hotspot isn't necessary anymore.  I used it when I lived overseas to access Pandora and haven't opened it since.


  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Thanks for the information.  I have work to do and I'm off to do it.

 

Have a great evening, jp550.


  • 1

#7
jp550

jp550

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Tonight while browsing the web I was redirected to a "simplepcfix(dot)net" website which was trying to get me to download an (obviously malicious) "java update."  Thought that info might help.


  • 0

#8
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi jp550. I have finished scanning the logs you provided and would like to have the following done to start correcting the errors you are seeing. If you have any questions about anything I ask you to do, please stop, come back here and ask questions until you are clear on what to do and why.

Step1 - Manual Reset of Chrome Home page

Follow the steps below to reset the home page of Chrome; right now it is set to a malware owned start page.

Home Page - The Home Page is the page that the browser will open whenever you tell it start up. When you first open the browser, it loads your Home Page that is set in the browser's properties. To change the Home Page for Google Chrome, follow these directions:

1) Open Chrome and click on the menu button in the upper right corner of the browser. The Menu Button looks like three bars (see below).

Menubutton_zps786b9612.jpg

2) On the Menu that opens down, click on Settings to open the Settings page in Chrome.

Menudropdown_zps78855c3e.jpg

3) Look for the Appearance section in the Settings page and make sure the Show Home button box is checked. Then click on the blue Change next to New Tab Page.
Appearance_zps348843d2.jpg

4) A box will pop up and allow you to either set a New Tab Page as your home page or type a URL address for a Home Page ( for example, you could enter www.google.com there to set Google as your home page). Click OK when you have made the setting you want and the box will close. Close the Settings page when you are done making the changes to the Home Page.

Homepagesetting_zps4f152998.jpg


Warning - P2P type program on your system
 

:upset: :upset: :upset: ALERT!!! P2P WARNING ALERT!!! :upset: :upset: :upset:



You have a P2P / file sharing application on your system!! While this may not be a surprize to you (most likely installed by you or another user on the system) and the file sharing application itself may be safe, the files shared could be a little more than you hoped for. File sharing has been shown to be a major source for trojans, virii, worms and webbot attacks to spread on the internet. There are exploits in file sharing software that can be used to compromise your system and personal information. You may be sharing a lot more than just a little bandwidth to 'help the community share' information.

Geeks to Go recommends that you uninstall your P2P software; you have to have open pathways (network ports) in and out of your system and you could be helping to move illegal files (copyrighted material (software, movies, video, etc.) even if you don't 'download' them yourself.

If you choose to keep your P2P program installed, I must ask that you de-activate / shutdown the software and not use it until the cleaning of your system is done.

Application to uninstall: Pando Media Booster

Need more info? Read these:Step2 - Manually Uninstall some unwanted programs

Please uninstall the following programs by going to START > Control Panel > Programs & Features , highlight the program you want to uninstall (by finding it in the list and left clicking on it once), then click Uninstall at the bar above the list window. If there is an error in the Uninstall routine or the program is not listed, please make a note of that (write it down) and continue with the next program on the list. If an Uninstall routine asks for a reboot of your system, please do so before continuing on with the list.

Here is the list:
  • Hotspot Shield Toolbar
  • Hotspot Shield 2.90
  • Pando Media Booster
Step3 - Run the OTL fix scan


First, please move the OTL.exe file from the Downloads folder and place it on your desktop. Don't worry, we will clean it up later when we are done.

Note: The script text listed below is for this user / system only. Any other usage may lead to system damage and is not condoned or advised.

Please right click on the OTL file on your desktop and select Run as Administrator.

Copy the fix text in the code box below by clicking at the : in the left corner and dragging the mouse curser to the bottom past the ] in the last line, right click and select COPY.

Return to the OTL menu that is open, right click on the open box below Custom Scans/Fixes and select PASTE. If you did this properly, the first line in the Custom Scans/Fixes box should read :processes and the last line should read [EMPTYJAVA] .

Click on the Run Fix button.

OTL will process the fix text, close the desktop, reboot your system and produce a log file named MMDDYYYY_hhmmss.log . If the log is not opened in Notepad after the system reboots, you can find the file in the C:\_OTL\MovedFiles directory. Please copy and paste the log file contents in a reply post here.

This is the code box with the Fix Text to copy =>

 
:processes

:OTL
PRC - [2013/04/04 23:19:48 | 000,566,568 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013/04/04 23:19:42 | 000,390,952 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/04/04 23:17:30 | 001,285,416 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2013/04/04 23:17:00 | 000,455,464 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
SRV - [2013/04/04 23:19:48 | 000,566,568 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/04/04 23:19:42 | 000,390,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/04/04 23:17:00 | 000,455,464 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2013/04/02 16:17:22 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
DRV:64bit: - [2013/04/02 17:54:24 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/04/02 16:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/01/04 16:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{54643B3A-3C64-4228-B076-13AFB5627ECD}: "URL" = http://search.condui...&ctid=CT1561552
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:3.6.2
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2012/09/19 20:30:15 | 000,000,000 | ---D | M] (Hotspot Shield Community Toolbar) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2013/06/02 21:26:09 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Football News] C:\Program Files (x86)\Football News App\Football News.exe /minimized File not found
O4 - HKCU..\Run: [Microsoft] C:\Program Files (x86)\MSBuild\Microsoft\MSServices.lnk File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O33 - MountPoints2\{4c655056-bbb7-11e0-b0ee-88532e034fde}\Shell\AutoRun\command - "" = H:\fscommand\LS_Start_Launch.exe
O33 - MountPoints2\{4c655056-bbb7-11e0-b0ee-88532e034fde}\Shell\Launcher\command - "" = H:\Get_Started_with_LifeStudio.exe
[2014/06/24 13:15:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
@Alternate Data Stream - 256 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 250 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3E771A67
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C3306E71

:Services

:Reg

:Files
C:\Program Files (x86)\Hotspot Shield
C:\Windows\SysNative\drivers\hssdrv6.sys
C:\Windows\SysNative\drivers\taphss6.sys
C:\Windows\SysNative\drivers\taphss.sys
ipconfig /flushdns /c

:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]


Step4 - Fresh OTL Quick Scan

Please run a fresh OTL Quick Scan and post the log here.

Right click on the OTL icon and select Run as Administrator. Make sure all other windows are closed and to let the tool run uninterrupted.
Click the Quick Scan button. The scan won't take long.
When the scan completes, it will open one notepad window with OTL.Txt in it. This is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this files and paste it into your reply. Thank you.


Things to include in your next reply:
  • Did the reset of the Chrome Home page go well and stay put (is it still what you set it at)?
  • Did the uninstalls go ok? Any messages from the OS about "couldn't find the uninstall file" or anything like that?
  • The OTL Fix run scan log.
  • The fresh OTL Quick scan log (after the Fix run).
  • Any questions you have.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#10
jp550

jp550

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Hey man sorry for lack of my response.  Been busy with work and when the topic was closed I forgot to ask for it to be reopened.  I ran the fix, still having issues however.  Pc is slow, and I randomly will be redirected on chrome to a webpage asking me to install flash.  The redirect happens rarely, but occurs nonetheless.

 

What really sucks is that my video editing performance is terrible.  Quite a bummer since I'm on a deadline right now with work and the lag makes things difficult.

 

Heres fix log: All processes killed

========== PROCESSES ==========
========== OTL ==========
No active process named openvpnas.exe was found!
No active process named hsswd.exe was found!
No active process named openvpntray.exe was found!
No active process named HssSrv.exe was found!
Error: No service named hshld was found to stop!
Service\Driver key hshld not found.
File C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe not found.
Error: No service named HssWd was found to stop!
Service\Driver key HssWd not found.
File C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe not found.
Error: No service named HssSrv was found to stop!
Service\Driver key HssSrv not found.
File C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe not found.
Error: No service named HssTrayService was found to stop!
Service\Driver key HssTrayService not found.
File C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe not found.
Error: No service named HssDRV6 was found to stop!
Service\Driver key HssDRV6 not found.
C:\Windows\SysNative\drivers\hssdrv6.sys moved successfully.
Service taphss6 stopped successfully!
Service taphss6 deleted successfully!
C:\Windows\SysNative\drivers\taphss6.sys moved successfully.
Service taphss stopped successfully!
Service taphss deleted successfully!
C:\Windows\SysNative\drivers\taphss.sys moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54643B3A-3C64-4228-B076-13AFB5627ECD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54643B3A-3C64-4228-B076-13AFB5627ECD}\ not found.
Prefs.js: "Bing" removed from browser.search.defaultenginename
Prefs.js: "Hotspot Shield Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Bing" removed from browser.search.selectedEngine
Prefs.js: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:3.15.1.0 removed from extensions.enabledAddons
Prefs.js: [email protected]:3.6.2 removed from extensions.enabledAddons
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin folder moved successfully.
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\Plugins folder moved successfully.
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\modules folder moved successfully.
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\META-INF folder moved successfully.
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults folder moved successfully.
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components folder moved successfully.
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome folder moved successfully.
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\ not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll moved successfully.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll moved successfully.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
File C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
File C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.
File C:\Program Files (x86)\Hotspot_Shield\prxtbHot0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Football News deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c655056-bbb7-11e0-b0ee-88532e034fde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c655056-bbb7-11e0-b0ee-88532e034fde}\ not found.
File H:\fscommand\LS_Start_Launch.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c655056-bbb7-11e0-b0ee-88532e034fde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c655056-bbb7-11e0-b0ee-88532e034fde}\ not found.
File H:\Get_Started_with_LifeStudio.exe not found.
C:\Windows\SysWow64\Hotspot Shield\config\hsspx\hsspxie folder moved successfully.
C:\Windows\SysWow64\Hotspot Shield\config\hsspx folder moved successfully.
C:\Windows\SysWow64\Hotspot Shield\config folder moved successfully.
C:\Windows\SysWow64\Hotspot Shield folder moved successfully.
ADS C:\Windows:nlsPreferences deleted successfully.
ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
ADS C:\ProgramData\Temp:3E771A67 deleted successfully.
ADS C:\ProgramData\Temp:C3306E71 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files (x86)\Hotspot Shield not found.
File\Folder C:\Windows\SysNative\drivers\hssdrv6.sys not found.
File\Folder C:\Windows\SysNative\drivers\taphss6.sys not found.
File\Folder C:\Windows\SysNative\drivers\taphss.sys not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jake\Desktop\cmd.bat deleted successfully.
C:\Users\Jake\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jake
->Temp folder emptied: 5671428603 bytes
->Temporary Internet Files folder emptied: 437278031 bytes
->Java cache emptied: 1040179 bytes
->FireFox cache emptied: 82639614 bytes
->Google Chrome cache emptied: 249663756 bytes
->Flash cache emptied: 139570 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1445012752 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55409781 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,575.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Jake
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Jake
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08062014_165051
 
Files\Folders moved on Reboot...
C:\Users\Jake\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jake\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
Here is the new logfile
----OTL logfile created on: 9/4/2014 10:59:59 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jake\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.95 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 58.21% Memory free
11.90 Gb Paging File | 9.06 Gb Available in Paging File | 76.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.98 Gb Total Space | 58.78 Gb Free Space | 8.63% Space Free | Partition Type: NTFS
Drive D: | 17.36 Gb Total Space | 0.70 Gb Free Space | 4.01% Space Free | Partition Type: NTFS
Drive F: | 98.87 Mb Total Space | 84.74 Mb Free Space | 85.71% Space Free | Partition Type: FAT32
Drive G: | 2794.51 Gb Total Space | 1593.84 Gb Free Space | 57.03% Space Free | Partition Type: NTFS
 
Computer Name: JAKE-HP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/29 19:49:43 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/22 17:15:56 | 002,694,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/07/22 16:26:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
PRC - [2014/07/16 11:05:50 | 005,558,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2014/07/03 06:25:22 | 000,490,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/06/21 22:09:20 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/15 23:42:10 | 000,202,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2014/03/13 14:46:36 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2014/02/19 06:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2013/03/14 10:20:56 | 000,311,184 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011/10/12 23:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/10/12 23:11:32 | 001,446,264 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2011/07/31 14:20:39 | 000,215,128 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/07/09 12:46:05 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/22 11:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/03/11 11:28:38 | 001,502,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/01/14 11:01:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/14 11:01:38 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/02 01:15:25 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0da5161052b8e8578dff48eab695c6da\IAStorUtil.ni.dll
MOD - [2014/09/02 01:15:25 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a4a885deeaf32fba243661226c548b8b\IAStorCommon.ni.dll
MOD - [2014/09/01 20:09:56 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\60fb8e53f166fb5cbb8df6b5e56fd982\System.Web.ni.dll
MOD - [2014/09/01 20:09:49 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6118ba45622c803f66496fafed74b27\System.Runtime.Remoting.ni.dll
MOD - [2014/09/01 20:09:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fcb27b5b7273ccf95fe76c2fef4e361d\System.Windows.Forms.ni.dll
MOD - [2014/09/01 20:09:11 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a49160a28d4538e8b7a995bec585bee2\System.Drawing.ni.dll
MOD - [2014/09/01 20:09:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77a5be689fd2536438df404cf1807cb7\System.Xml.ni.dll
MOD - [2014/09/01 20:09:02 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\91373fee1bff77a19b766fd2f64adf33\System.Configuration.ni.dll
MOD - [2014/09/01 20:08:47 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\91e5d52c9cdce0ea2394ff2995daaa8f\WindowsBase.ni.dll
MOD - [2014/09/01 20:08:44 | 007,966,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ed38015ff19ebcadf95516c455d5898\System.ni.dll
MOD - [2014/09/01 20:08:38 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0bad761ef9ed6ba2889f48fc47f71825\mscorlib.ni.dll
MOD - [2014/08/29 19:49:41 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppgooglenaclpluginchrome.dll
MOD - [2014/08/29 19:49:38 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
MOD - [2014/08/29 19:49:33 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
MOD - [2014/08/29 19:49:31 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
MOD - [2014/08/29 19:49:30 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
MOD - [2014/07/16 11:05:50 | 005,558,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2014/07/03 06:45:40 | 032,733,056 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
MOD - [2014/07/03 06:45:40 | 000,742,784 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libGLESv2.dll
MOD - [2014/07/03 06:45:40 | 000,136,576 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libEGL.dll
MOD - [2014/06/15 23:40:38 | 002,124,256 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2014/06/15 23:39:20 | 007,422,144 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2014/06/15 23:39:18 | 002,453,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2014/06/15 23:39:18 | 001,269,952 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2014/06/15 23:39:18 | 000,794,816 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2014/06/15 23:39:18 | 000,192,704 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 06:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/09 06:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2014/03/13 14:46:26 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe -- (NitroDriverReadSpool9)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/20 09:12:00 | 000,341,792 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2011/04/12 23:58:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/22 01:10:26 | 001,136,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/03/17 04:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/23 20:20:56 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/02/04 16:34:20 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/02/04 16:24:24 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/02/04 16:19:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/01/26 16:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/07/15 19:28:18 | 000,542,912 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/06/15 23:42:10 | 000,202,080 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/13 14:46:36 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/14 10:20:56 | 000,311,184 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/31 14:20:39 | 000,215,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/07/09 12:46:05 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/07/09 10:23:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/01/14 11:01:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/14 11:01:38 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/23 13:35:57 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/21 09:23:48 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/10/31 16:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/04/30 00:44:04 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/26 11:04:24 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/04/26 11:04:22 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/04/26 11:04:20 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/04/13 01:50:28 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/12 23:17:16 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/07 17:22:12 | 000,029,800 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2011/03/25 19:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/03/22 01:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/03/22 01:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/03/17 04:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/09 12:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/26 16:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/26 16:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/24 02:24:50 | 000,053,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/01/24 02:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/01/24 01:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/24 03:43:40 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.6.0.11664
FF - prefs.js..extensions.enabledAddons: [email protected]:4.2.4
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013/03/14 10:13:04 | 000,136,309 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/11 06:43:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 03:36:14 | 000,010,691 | ---- | M] ()
 
[2011/12/11 06:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Extensions
[2014/09/03 11:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions
[2014/09/02 12:51:17 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\extensions\[email protected]
[2013/05/29 17:53:55 | 000,001,793 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\searchplugins\Bing.xml
[2014/08/06 16:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/27 20:34:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/21 09:34:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/11/20 21:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/20 18:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/20 18:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
CHR - plugin: Nitro PDF plugin for Firefox and Chrome (Disabled) = C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll
CHR - plugin: Dragon NaturallySpeaking Rich Internet Application Support (Disabled) = C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
CHR - plugin: Pando Web Plugin (Disabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - default_search_provider: 80E3113AA80921AC10B1AEEE386C0585ECE3D25E291C137B879596ACD06A83FF ()
CHR - default_search_provider: search_url = 44647575B63D70711C364D4F0B4B09BA85F1F2963284D69B79C2B5B5E1008FD8
CHR - default_search_provider: suggest_url = 
CHR - homepage: DC9302E92ADEB91EDC640F13521281BD2EF4BC4AE134927BFE298C32D6B4E9D0
CHR - Extension: Google Slides = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: Google Docs = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Sheets = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll (Nuance Communications, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1781379F-4612-41F8-83B7-5B3A1039374F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1F06906-2EAA-4350-B92C-A7D238FCAF1E}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/23 21:02:32 | 000,000,037 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/03 11:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/09/03 11:31:43 | 000,000,000 | -HSD | C] -- C:\Users\Jake\AppData\Local\EmieUserList
[2014/09/03 11:31:43 | 000,000,000 | -HSD | C] -- C:\Users\Jake\AppData\Local\EmieSiteList
[2014/09/03 11:13:55 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2014/09/03 11:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014/09/02 14:02:58 | 000,652,288 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2014/09/02 09:23:37 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Windows Live
[2014/09/02 09:23:18 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\{CA5DADB9-9E1A-40ED-BE43-EE04C2E4CD0B}
[2014/09/01 19:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/09/01 19:01:20 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/09/01 18:55:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/08/31 20:20:37 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\chc
[2014/08/31 16:59:42 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\steelhead for ben
[2014/08/17 18:17:54 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\PluralEyes 3
[2014/08/17 18:17:41 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\PluralEyes
[2014/08/17 18:17:38 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Red_Giant_LLC
[2014/08/17 18:13:10 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Red Giant
[2014/08/17 18:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Giant Link
[2014/08/17 18:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Red Giant
[2014/08/17 18:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
[2014/08/17 18:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2014/08/17 18:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Red Giant
[2014/08/17 18:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Giant
[2014/08/17 18:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\RedGiant
[2014/08/16 20:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games
[2014/08/16 20:31:46 | 000,000,000 | ---D | C] -- C:\Riot Games
[2014/08/16 20:31:08 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\PMB Files
[2014/08/16 20:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2014/08/08 17:49:27 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\tom interview audio files
[2014/08/08 17:42:55 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\tom interview footage
[2014/08/07 22:20:23 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\New folder (4)
[2014/08/06 18:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2014/08/06 18:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2014/08/06 16:50:51 | 000,000,000 | ---D | C] -- C:\_OTL
[5 C:\Users\Jake\Documents\*.tmp files -> C:\Users\Jake\Documents\*.tmp -> ]
[1 C:\Users\Jake\Desktop\*.tmp files -> C:\Users\Jake\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/04 10:59:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job
[2014/09/04 10:56:03 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/04 10:56:03 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/04 10:56:03 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/04 10:52:35 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/04 10:51:50 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job
[2014/09/04 10:51:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/04 08:06:34 | 000,002,414 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome Canary.lnk
[2014/09/04 08:04:18 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/04 08:04:18 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/04 07:55:17 | 000,002,283 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/04 07:55:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/04 07:54:29 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/03 11:44:45 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/03 11:25:08 | 001,513,083 | ---- | M] () -- C:\Users\Jake\Desktop\bookmarks nine three.html
[2014/09/03 11:14:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJake.job
[2014/09/03 11:13:51 | 000,001,077 | ---- | M] () -- C:\Users\Jake\Desktop\Kaspersky Security Scan.lnk
[2014/09/03 10:51:13 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job
[2014/09/03 10:48:55 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job
[2014/09/02 09:29:33 | 126,980,766 | ---- | M] () -- C:\Users\Jake\Desktop\steelhead edit.wmv
[2014/09/02 09:24:24 | 000,002,271 | ---- | M] () -- C:\Users\Jake\Desktop\My Movie.wlmp
[2014/09/02 09:10:14 | 187,910,148 | ---- | M] () -- C:\Users\Jake\Desktop\steelhead draft 1.mpg
[2014/09/02 01:01:15 | 000,001,047 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/01 20:02:29 | 005,087,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/31 18:21:49 | 000,000,033 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\AdobeWLCMCache.dat
[2014/08/28 11:38:45 | 002,163,988 | ---- | M] () -- C:\Users\Jake\Desktop\IMG_2822.JPG
[2014/08/19 14:09:02 | 000,001,013 | ---- | M] () -- C:\Users\Jake\Desktop\Dropbox.lnk
[2014/08/11 09:34:47 | 000,074,218 | ---- | M] () -- C:\Users\Jake\Desktop\new timesheet.pdf
[2014/08/09 15:24:32 | 507,287,556 | ---- | M] () -- C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mpg
[2014/08/09 15:24:32 | 000,005,085 | ---- | M] () -- C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).xmp
[2014/08/07 21:44:41 | 400,331,133 | ---- | M] () -- C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mov
[2014/08/07 14:12:41 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Muse CC 2014.lnk
[2014/08/07 13:42:45 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
[2014/08/06 18:58:23 | 000,001,401 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014/08/06 15:39:33 | 000,001,301 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[5 C:\Users\Jake\Documents\*.tmp files -> C:\Users\Jake\Documents\*.tmp -> ]
[1 C:\Users\Jake\Desktop\*.tmp files -> C:\Users\Jake\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/03 11:44:45 | 000,002,283 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/03 11:44:45 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/03 11:25:08 | 001,513,083 | ---- | C] () -- C:\Users\Jake\Desktop\bookmarks nine three.html
[2014/09/03 11:13:56 | 000,001,077 | ---- | C] () -- C:\Users\Jake\Desktop\Kaspersky Security Scan.lnk
[2014/09/02 09:25:13 | 126,980,766 | ---- | C] () -- C:\Users\Jake\Desktop\steelhead edit.wmv
[2014/09/02 09:24:24 | 000,002,271 | ---- | C] () -- C:\Users\Jake\Desktop\My Movie.wlmp
[2014/09/02 09:16:42 | 187,910,148 | ---- | C] () -- C:\Users\Jake\Desktop\steelhead draft 1.mpg
[2014/09/02 01:01:15 | 000,001,047 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/08/31 18:21:49 | 000,000,033 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\AdobeWLCMCache.dat
[2014/08/17 18:17:44 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CC.lnk
[2014/08/11 04:28:03 | 000,074,218 | ---- | C] () -- C:\Users\Jake\Desktop\new timesheet.pdf
[2014/08/09 15:24:32 | 000,005,085 | ---- | C] () -- C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).xmp
[2014/08/09 15:24:19 | 507,287,556 | ---- | C] () -- C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mpg
[2014/08/07 21:35:00 | 400,331,133 | ---- | C] () -- C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mov
[2014/08/07 14:34:58 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC 2014.lnk
[2014/08/07 14:12:41 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2014.lnk
[2014/08/07 14:12:41 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Muse CC 2014.lnk
[2014/08/07 14:10:03 | 000,001,263 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk
[2014/08/07 14:01:26 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2014/08/07 13:59:39 | 000,001,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
[2014/08/07 13:42:45 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
[2014/08/07 13:42:45 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
[2014/08/07 13:25:21 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
[2014/08/07 12:36:27 | 000,001,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
[2014/08/07 11:16:53 | 000,001,483 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
[2014/08/07 10:45:50 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2014.lnk
[2014/08/07 10:36:19 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
[2014/08/06 18:58:23 | 000,001,401 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014/08/06 16:23:19 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
[2014/08/06 15:52:03 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
[2014/08/06 15:39:33 | 000,001,313 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2014/08/06 15:39:33 | 000,001,301 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2013/09/18 10:58:15 | 000,002,275 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\SAS7_000.DAT
[2011/12/20 14:04:24 | 000,003,382 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\art.png
[2011/10/29 11:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Jake\AppData\Local\{A547B8C0-8B8A-4ACB-9CF7-6438AFDF1905}
[2011/10/29 11:31:33 | 000,000,000 | ---- | C] () -- C:\Users\Jake\AppData\Local\{677F834C-5263-4E88-A155-AA7ADCD82139}
[2011/08/10 20:35:32 | 000,011,270 | ---- | C] () -- C:\Users\Jake\UserCustomPreset_Adobe Premiere Pro 2.0.vpr
[2011/07/20 22:59:47 | 000,000,028 | ---- | C] () -- C:\Users\Jake\Adobe Encore DVD_VUI.pref
[2011/07/09 13:00:54 | 000,007,621 | ---- | C] () -- C:\Users\Jake\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/30 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Battle.net
[2014/08/31 20:20:37 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\chc
[2011/10/03 09:03:34 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/02 16:34:00 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/07/09 10:46:13 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\DAEMON Tools Pro
[2014/04/04 15:44:06 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Downloaded Installations
[2014/09/04 07:56:41 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Dropbox
[2011/07/27 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\FlashGet
[2013/09/18 10:20:59 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\GetRightToGo
[2011/07/08 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\IDT
[2013/06/25 15:04:19 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Leadertech
[2011/07/08 14:41:00 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\LolClient
[2014/04/04 15:45:55 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Nitro
[2014/08/24 22:44:12 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Nitro PDF
[2013/09/18 10:40:27 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Nuance
[2011/07/29 12:35:24 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Origin
[2012/07/26 14:51:25 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Pixmantec
[2014/08/17 18:13:10 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Red Giant
[2012/08/21 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\redsn0w
[2014/08/16 20:30:46 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Riot Games
[2011/09/21 06:57:24 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Similarity
[2011/07/07 21:16:54 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\Synaptics
[2011/07/29 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\SystemRequirementsLab
[2011/09/02 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\Jake\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 250 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
 
< End of report >

  • 0

Advertisements


#11
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

jp550,
 
Sorry for the problems and I do understand about life getting "in the way" so to speak.  I will try and get you fixed as soon as possible.  Since it has been some time, I'd like to get a look with a few different scanners, please, and ask a few questions.
 
Questions first:
1)  Are your only AV / AS programs the McAfee Security Scanner and Kaspersky Security Scanner?  Do you have a real time scanner as I'm not seeing it in the logs?
2)  Pando Media Booster - is this needed for your work?
 
Now some scans, please:
 
1) FRST64
 
Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

2)  aswMBR
 
Download aswMBR.exe  to your desktop. If you already have this application, this is a new version I need you to download.
 
Double click the aswMBR.exe to run it
 
aswMBR1.png
 
Click the "Scan" button to start scan
 
If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.
 
msgbox.png
 
On completion of the scan click Save Log, save it to your desktop and post in your next reply
 
aswMBR2.png
 
The tool will also produce a copy of the mbrdump labeled MBR.dat. Please zip that file and attach it to a reply.

 

Things to reply with (please):

  • FRST.txt log text.
  • Addition.txt log text.
  • aswMBR.txt log text.
  • Answer to the questions.
  • Anything else you feel I should know.

  • 0

#12
jp550

jp550

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Thanks so much Dbreeze.  You are awesome.

 

For asawmbr, Im getting an option to download the  latest Avast Free scanner for better results.  Should I do this?


  • 0

#13
jp550

jp550

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Here are the logs

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Jake (administrator) on JAKE-HP on 04-09-2014 13:25:48
Running from C:\Users\Jake\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dropbox, Inc.) C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774312 2011-04-30] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1502776 2011-03-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3483972190-2618797804-1834993699-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-3483972190-2618797804-1834993699-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3483972190-2618797804-1834993699-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-3483972190-2618797804-1834993699-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe [247968 2011-12-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar -> C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF Plugin-x32: @esn/esnlaunch -> C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Jake\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jake\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: FoxyProxy Standard - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\Extensions\[email protected] [2014-09-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012-01-21]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-03-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> DC9302E92ADEB91EDC640F13521281BD2EF4BC4AE134927BFE298C32D6B4E9D0
CHR DefaultSearchKeyword: Default -> C301DC417E3F3F7FE664BAF5C604F2D6A1F09A7092233A9D60E90A9F20634E39
CHR DefaultSearchProvider: Default -> 80E3113AA80921AC10B1AEEE386C0585ECE3D25E291C137B879596ACD06A83FF
CHR DefaultSearchURL: Default -> 44647575B63D70711C364D4F0B4B09BA85F1F2963284D69B79C2B5B5E1008FD8
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Profile: C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-03]
CHR Extension: (Google Docs) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-03]
CHR Extension: (Google Drive) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-03]
CHR Extension: (Google Search) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-03]
CHR Extension: (Google Sheets) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-03]
CHR Extension: (Skype Click to Call) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-03]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2014-09-03]
CHR Extension: (Google Wallet) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-03]
CHR Extension: (Gmail) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-03-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-07-09] (Adobe Systems) [File not signed]
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [341792 2011-12-20] (Nitro PDF Software)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-03-13] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-07-09] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [215128 2011-07-31] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S3 PNRPAutoReg; %SystemRoot%\system32\pnrpauto.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-23] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.) [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2010-12-24] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 13:25 - 2014-09-04 13:26 - 00029993 _____ () C:\Users\Jake\Desktop\FRST.txt
2014-09-04 13:25 - 2014-09-04 13:25 - 00000000 ____D () C:\FRST
2014-09-04 13:21 - 2014-09-04 13:22 - 02104832 _____ (Farbar) C:\Users\Jake\Desktop\FRST64.exe
2014-09-04 13:13 - 2014-09-04 13:14 - 00000000 ____D () C:\ProgramData\Western Digital
2014-09-03 14:53 - 2014-09-04 11:11 - 00137300 _____ () C:\Users\Jake\Desktop\OTL.Txt
2014-09-03 11:52 - 2014-09-03 11:52 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Jake\Downloads\Shockwave_Installer_Slim.exe
2014-09-03 11:46 - 2014-09-03 11:46 - 00231760 _____ () C:\Users\Jake\Downloads\CrucialScan.exe
2014-09-03 11:44 - 2014-09-03 11:44 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-03 11:44 - 2014-09-03 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-03 11:31 - 2014-09-03 11:31 - 00000000 __SHD () C:\Users\Jake\AppData\Local\EmieUserList
2014-09-03 11:31 - 2014-09-03 11:31 - 00000000 __SHD () C:\Users\Jake\AppData\Local\EmieSiteList
2014-09-03 11:25 - 2014-09-03 11:25 - 01513083 _____ () C:\Users\Jake\Desktop\bookmarks nine three.html
2014-09-03 11:13 - 2014-09-03 11:13 - 00001077 _____ () C:\Users\Jake\Desktop\Kaspersky Security Scan.lnk
2014-09-03 11:13 - 2014-09-03 11:13 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-09-03 11:13 - 2014-09-03 11:13 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-03 11:10 - 2014-09-03 11:10 - 00185816 _____ (Лаборатория Касперского) C:\Users\Jake\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5622.exe
2014-09-02 14:02 - 2011-03-17 04:14 - 00652288 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2014-09-02 09:25 - 2014-09-02 09:29 - 126980766 _____ () C:\Users\Jake\Desktop\steelhead edit.wmv
2014-09-02 09:24 - 2014-09-02 09:24 - 00002271 _____ () C:\Users\Jake\Desktop\My Movie.wlmp
2014-09-02 09:23 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Jake\AppData\Local\Windows Live
2014-09-02 09:23 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Jake\AppData\Local\{CA5DADB9-9E1A-40ED-BE43-EE04C2E4CD0B}
2014-09-02 09:16 - 2014-09-02 09:10 - 187910148 _____ () C:\Users\Jake\Desktop\steelhead draft 1.mpg
2014-09-01 21:27 - 2014-09-01 21:29 - 80989204 _____ () C:\Users\Jake\Downloads\step2.mp4
2014-09-01 20:15 - 2014-09-01 20:15 - 00302011 _____ () C:\Users\Jake\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-09-01 20:14 - 2014-09-01 20:14 - 00302011 _____ () C:\Users\Jake\Downloads\WindowsUpdateDiagnostic.diagcab
2014-09-01 19:03 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-01 19:03 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-01 19:03 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-01 19:03 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-01 19:03 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-01 19:03 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-01 19:03 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-01 19:03 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-01 19:01 - 2014-09-01 19:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 18:55 - 2014-09-01 18:55 - 00000000 ____D () C:\Windows\pss
2014-09-01 18:46 - 2014-09-01 18:47 - 00134210 _____ () C:\Users\Jake\Downloads\Startup Programs (JAKE-HP) 2014-09-01 18.46.26.txt
2014-09-01 18:46 - 2014-09-01 18:46 - 00513136 _____ () C:\Users\Jake\Downloads\Silent Runners (1).vbs
2014-09-01 18:45 - 2014-09-01 18:45 - 00513136 _____ () C:\Users\Jake\Downloads\Silent Runners.vbs
2014-09-01 17:40 - 2014-09-01 18:42 - 00002527 _____ () C:\Users\Jake\Desktop\morro bay narration.txt
2014-08-31 20:20 - 2014-08-31 20:20 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\chc
2014-08-31 18:21 - 2014-08-31 18:21 - 00000033 _____ () C:\Users\Jake\AppData\Roaming\AdobeWLCMCache.dat
2014-08-31 16:59 - 2014-08-31 18:11 - 00000000 ____D () C:\Users\Jake\Desktop\steelhead for ben
2014-08-27 11:49 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 11:49 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 11:49 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 22:39 - 2014-08-24 22:39 - 00047846 _____ () C:\Users\Jake\Desktop\time sheet 824.xlsx
2014-08-17 18:17 - 2014-08-17 18:49 - 00000000 ____D () C:\Users\Jake\Documents\PluralEyes
2014-08-17 18:17 - 2014-08-17 18:17 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CC.lnk
2014-08-17 18:17 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\Jake\AppData\Local\Red_Giant_LLC
2014-08-17 18:17 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\Jake\AppData\Local\PluralEyes 3
2014-08-17 18:13 - 2014-08-17 18:13 - 00003648 _____ () C:\Windows\System32\Tasks\Red Giant Link
2014-08-17 18:13 - 2014-08-17 18:13 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Red Giant
2014-08-17 18:12 - 2014-08-17 18:13 - 00000000 ____D () C:\ProgramData\Red Giant
2014-08-17 18:12 - 2014-08-17 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2014-08-17 18:12 - 2014-08-17 18:13 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link
2014-08-17 18:12 - 2014-08-17 18:12 - 00000000 ____D () C:\ProgramData\Sony
2014-08-17 18:12 - 2014-08-17 18:12 - 00000000 ____D () C:\Program Files\Red Giant
2014-08-17 18:12 - 2014-08-17 18:12 - 00000000 ____D () C:\Program Files (x86)\Red Giant
2014-08-17 18:11 - 2014-08-17 18:12 - 00000000 ____D () C:\ProgramData\RedGiant
2014-08-17 18:09 - 2014-08-17 18:09 - 00000000 ____D () C:\Users\Jake\Downloads\SSuite_Win_Full
2014-08-17 15:05 - 2014-08-17 15:07 - 191873237 _____ () C:\Users\Jake\Downloads\SSuite_Win_Full.zip
2014-08-17 13:53 - 2014-08-17 13:53 - 35484078 _____ () C:\Users\Jake\Downloads\fishingimage_1.mp4
2014-08-16 22:59 - 2014-08-16 22:59 - 00000037 _____ () C:\Users\Jake\Desktop\new textrttt.txt
2014-08-16 21:32 - 2014-08-16 21:32 - 18117306 _____ () C:\Users\Jake\Downloads\ON_THE_SKAGIT_RIVER_NEAR_CONCRETE,_DAN_DUDLEY_OF_BELLEVUE_PLAYS_A_19^_POUND_STEEL_HEAD_TROUT_AS_GUIDE_KERRY_DUVALL..._-_NARA_-_552324.tif
2014-08-16 20:34 - 2014-08-16 20:34 - 00000000 ____D () C:\ProgramData\Riot Games
2014-08-16 20:31 - 2014-09-01 23:04 - 00000000 ____D () C:\Users\Jake\AppData\Local\PMB Files
2014-08-16 20:31 - 2014-09-01 22:02 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-16 20:31 - 2014-08-16 20:31 - 00000000 ____D () C:\Riot Games
2014-08-16 20:29 - 2014-08-16 20:30 - 32229024 _____ (Riot Games) C:\Users\Jake\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-08-16 14:11 - 2014-08-16 14:11 - 18324306 _____ () C:\Users\Jake\Downloads\FISHING_FOR_STEELHEAD_TROUT_ON_THE_SKAGIT_RIVER_NEAR_ROCKPORT._THE_SKAGIT_IS_ONE_OF_THE_FINEST_STEELHEAD_TROUT_RIVERS..._-_NARA_-_552325.tif
2014-08-14 18:44 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 18:44 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 18:44 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 18:44 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 18:44 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 18:44 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 18:44 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 18:44 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 18:44 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 18:44 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 18:44 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 18:44 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 18:44 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 18:44 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 18:44 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 18:44 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 18:44 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 18:44 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 18:44 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 18:44 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 18:44 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 18:44 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 18:44 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 18:44 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 18:44 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 18:44 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 18:44 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 18:44 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 18:43 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 18:43 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 18:43 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 18:43 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 18:43 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 18:43 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 18:43 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 18:43 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 18:43 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 18:43 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 18:43 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 18:43 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 18:43 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 18:43 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 18:43 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 18:43 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 18:43 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 18:43 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 18:43 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 18:43 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 18:43 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 18:43 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 18:43 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 18:43 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 18:43 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 18:43 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 18:43 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 18:43 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 18:43 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 18:43 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 18:43 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 18:43 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 18:43 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 18:43 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 18:43 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 18:43 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 18:43 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 18:43 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 18:43 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 18:43 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 18:43 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 18:43 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 18:43 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 18:43 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 04:13 - 2014-08-11 04:30 - 00047752 _____ () C:\Users\Jake\Downloads\FY14 Timesheet_Biweekly - 100SRF.xlsx
2014-08-11 04:13 - 2014-08-11 04:13 - 00000165 ____H () C:\Users\Jake\Downloads\~$FY14 Timesheet_Biweekly - 100SRF.xlsx
2014-08-10 22:01 - 2014-08-10 22:01 - 00000293 _____ () C:\Users\Jake\Desktop\newww.txt
2014-08-09 15:24 - 2014-08-09 15:24 - 507287556 _____ () C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mpg
2014-08-09 15:24 - 2014-08-09 15:24 - 00005085 _____ () C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).xmp
2014-08-09 10:35 - 2014-08-09 10:36 - 69600946 _____ () C:\Users\Jake\Downloads\Morrow Bay Project_1.wav
2014-08-08 17:49 - 2014-08-08 17:50 - 00000000 ____D () C:\Users\Jake\Desktop\tom interview audio files
2014-08-08 17:42 - 2014-08-08 17:59 - 00000000 ____D () C:\Users\Jake\Desktop\tom interview footage
2014-08-07 22:20 - 2014-08-07 22:36 - 00000000 ____D () C:\Users\Jake\Desktop\New folder (4)
2014-08-07 21:35 - 2014-08-07 21:44 - 400331133 _____ () C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mov
2014-08-07 21:34 - 2014-08-07 21:45 - 459769856 _____ () C:\Users\Jake\Downloads\Aquaculture Morro Bay FINAL (1).mpg
2014-08-07 14:34 - 2014-08-07 14:34 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC 2014.lnk
2014-08-07 14:12 - 2014-08-07 14:12 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2014.lnk
2014-08-07 14:12 - 2014-08-07 14:12 - 00000999 _____ () C:\Users\Public\Desktop\Adobe Muse CC 2014.lnk
2014-08-07 14:10 - 2014-08-07 14:10 - 00001263 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk
2014-08-07 14:01 - 2014-08-07 14:01 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-08-07 13:59 - 2014-08-07 13:59 - 00001028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2014-08-07 13:42 - 2014-08-07 13:42 - 00002075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-08-07 13:42 - 2014-08-07 13:42 - 00002055 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2014-08-07 13:25 - 2014-08-07 13:25 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2014-08-07 12:36 - 2014-08-07 12:36 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-08-07 11:16 - 2014-08-07 11:16 - 00001483 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2014-08-07 10:45 - 2014-08-07 10:45 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2014.lnk
2014-08-07 10:36 - 2014-08-07 10:36 - 00001222 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2014-08-06 18:58 - 2014-08-06 18:58 - 00001401 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-08-06 18:58 - 2014-08-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-08-06 18:58 - 2014-08-06 18:58 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-08-06 18:57 - 2014-08-06 18:57 - 26771088 _____ () C:\Users\Jake\Downloads\SeaToolsforWindowsSetup.exe
2014-08-06 16:50 - 2014-08-06 16:50 - 00000000 ____D () C:\_OTL
2014-08-06 16:23 - 2014-08-06 16:23 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2014-08-06 15:52 - 2014-08-06 15:52 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-08-06 15:39 - 2014-08-06 15:39 - 00001313 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-08-06 15:39 - 2014-08-06 15:39 - 00001301 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 13:26 - 2014-09-04 13:25 - 00029993 _____ () C:\Users\Jake\Desktop\FRST.txt
2014-09-04 13:25 - 2014-09-04 13:25 - 00000000 ____D () C:\FRST
2014-09-04 13:22 - 2014-09-04 13:21 - 02104832 _____ (Farbar) C:\Users\Jake\Desktop\FRST64.exe
2014-09-04 13:16 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 13:16 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 13:14 - 2014-09-04 13:13 - 00000000 ____D () C:\ProgramData\Western Digital
2014-09-04 13:14 - 2011-07-15 15:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 13:14 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-04 13:12 - 2011-06-16 08:28 - 01750049 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 13:11 - 2014-05-14 10:34 - 00000000 ___RD () C:\Users\Jake\Dropbox
2014-09-04 13:11 - 2014-05-14 10:31 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Dropbox
2014-09-04 13:05 - 2011-11-01 03:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job
2014-09-04 11:35 - 2013-12-09 00:30 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job
2014-09-04 11:11 - 2014-09-03 14:53 - 00137300 _____ () C:\Users\Jake\Desktop\OTL.Txt
2014-09-04 07:58 - 2014-04-14 10:45 - 00000000 ____D () C:\Users\Jake\Desktop\New folder (2)
2014-09-04 07:58 - 2011-07-07 21:16 - 00000000 ____D () C:\Users\Jake\AppData\Local\Adobe
2014-09-04 07:55 - 2011-07-15 15:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 07:54 - 2010-11-20 20:47 - 00153782 _____ () C:\Windows\PFRO.log
2014-09-04 07:54 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 07:54 - 2009-07-13 21:51 - 00098132 _____ () C:\Windows\setupact.log
2014-09-03 15:11 - 2012-08-22 19:42 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\vlc
2014-09-03 13:30 - 2013-02-06 02:52 - 00000000 __SHD () C:\AI_RecycleBin
2014-09-03 13:28 - 2013-02-06 02:52 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-03 11:52 - 2014-09-03 11:52 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Jake\Downloads\Shockwave_Installer_Slim.exe
2014-09-03 11:52 - 2011-05-18 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-09-03 11:46 - 2014-09-03 11:46 - 00231760 _____ () C:\Users\Jake\Downloads\CrucialScan.exe
2014-09-03 11:44 - 2014-09-03 11:44 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-03 11:44 - 2014-09-03 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-03 11:44 - 2011-07-15 15:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-03 11:44 - 2011-07-07 21:32 - 00000000 ____D () C:\Users\Jake\AppData\Local\Google
2014-09-03 11:35 - 2011-07-07 21:16 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2815F361-AA0F-4EE3-B026-1D56EF5556A0}
2014-09-03 11:31 - 2014-09-03 11:31 - 00000000 __SHD () C:\Users\Jake\AppData\Local\EmieUserList
2014-09-03 11:31 - 2014-09-03 11:31 - 00000000 __SHD () C:\Users\Jake\AppData\Local\EmieSiteList
2014-09-03 11:25 - 2014-09-03 11:25 - 01513083 _____ () C:\Users\Jake\Desktop\bookmarks nine three.html
2014-09-03 11:14 - 2014-06-27 15:38 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJake
2014-09-03 11:14 - 2014-06-27 15:38 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJake.job
2014-09-03 11:13 - 2014-09-03 11:13 - 00001077 _____ () C:\Users\Jake\Desktop\Kaspersky Security Scan.lnk
2014-09-03 11:13 - 2014-09-03 11:13 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-09-03 11:13 - 2014-09-03 11:13 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-03 11:13 - 2011-10-30 01:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-03 11:10 - 2014-09-03 11:10 - 00185816 _____ (Лаборатория Касперского) C:\Users\Jake\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5622.exe
2014-09-03 10:51 - 2011-11-01 03:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job
2014-09-03 10:48 - 2013-12-09 00:30 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job
2014-09-02 11:50 - 2014-05-15 15:38 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-09-02 09:29 - 2014-09-02 09:25 - 126980766 _____ () C:\Users\Jake\Desktop\steelhead edit.wmv
2014-09-02 09:24 - 2014-09-02 09:24 - 00002271 _____ () C:\Users\Jake\Desktop\My Movie.wlmp
2014-09-02 09:23 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Jake\AppData\Local\Windows Live
2014-09-02 09:23 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Jake\AppData\Local\{CA5DADB9-9E1A-40ED-BE43-EE04C2E4CD0B}
2014-09-02 09:10 - 2014-09-02 09:16 - 187910148 _____ () C:\Users\Jake\Desktop\steelhead draft 1.mpg
2014-09-02 03:00 - 2011-05-18 19:32 - 00000000 ____D () C:\ProgramData\Temp
2014-09-01 23:04 - 2014-08-16 20:31 - 00000000 ____D () C:\Users\Jake\AppData\Local\PMB Files
2014-09-01 22:02 - 2014-08-16 20:31 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-01 21:29 - 2014-09-01 21:27 - 80989204 _____ () C:\Users\Jake\Downloads\step2.mp4
2014-09-01 20:15 - 2014-09-01 20:15 - 00302011 _____ () C:\Users\Jake\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-09-01 20:14 - 2014-09-01 20:14 - 00302011 _____ () C:\Users\Jake\Downloads\WindowsUpdateDiagnostic.diagcab
2014-09-01 20:02 - 2009-07-13 21:45 - 05087240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 19:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-01 19:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-01 19:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-01 19:36 - 2011-08-23 11:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-01 19:25 - 2014-05-10 10:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-01 19:14 - 2012-05-20 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-01 19:13 - 2012-05-20 18:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 19:13 - 2012-05-20 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 19:01 - 2014-09-01 19:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 18:55 - 2014-09-01 18:55 - 00000000 ____D () C:\Windows\pss
2014-09-01 18:47 - 2014-09-01 18:46 - 00134210 _____ () C:\Users\Jake\Downloads\Startup Programs (JAKE-HP) 2014-09-01 18.46.26.txt
2014-09-01 18:46 - 2014-09-01 18:46 - 00513136 _____ () C:\Users\Jake\Downloads\Silent Runners (1).vbs
2014-09-01 18:45 - 2014-09-01 18:45 - 00513136 _____ () C:\Users\Jake\Downloads\Silent Runners.vbs
2014-09-01 18:42 - 2014-09-01 17:40 - 00002527 _____ () C:\Users\Jake\Desktop\morro bay narration.txt
2014-09-01 17:26 - 2014-07-30 21:21 - 00000000 ____D () C:\Users\Jake\AppData\Local\Battle.net
2014-08-31 20:20 - 2014-08-31 20:20 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\chc
2014-08-31 18:27 - 2011-07-07 21:19 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-08-31 18:21 - 2014-08-31 18:21 - 00000033 _____ () C:\Users\Jake\AppData\Roaming\AdobeWLCMCache.dat
2014-08-31 18:11 - 2014-08-31 16:59 - 00000000 ____D () C:\Users\Jake\Desktop\steelhead for ben
2014-08-30 11:13 - 2012-01-27 08:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-30 11:13 - 2011-07-07 21:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-24 22:44 - 2012-01-04 13:27 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Nitro PDF
2014-08-24 22:39 - 2014-08-24 22:39 - 00047846 _____ () C:\Users\Jake\Desktop\time sheet 824.xlsx
2014-08-24 22:16 - 2011-07-07 21:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-22 19:07 - 2014-08-27 11:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 11:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-27 11:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 12:43 - 2014-07-30 21:25 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-22 12:42 - 2014-07-30 21:20 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-19 14:09 - 2014-05-14 10:34 - 00001013 _____ () C:\Users\Jake\Desktop\Dropbox.lnk
2014-08-19 14:09 - 2014-05-14 10:33 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-18 23:45 - 2014-05-01 12:47 - 00000000 ____D () C:\Users\Jake\Desktop\morro bay stuff
2014-08-17 18:49 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\Jake\Documents\PluralEyes
2014-08-17 18:17 - 2014-08-17 18:17 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CC.lnk
2014-08-17 18:17 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\Jake\AppData\Local\Red_Giant_LLC
2014-08-17 18:17 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\Jake\AppData\Local\PluralEyes 3
2014-08-17 18:17 - 2011-05-18 19:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-17 18:13 - 2014-08-17 18:13 - 00003648 _____ () C:\Windows\System32\Tasks\Red Giant Link
2014-08-17 18:13 - 2014-08-17 18:13 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Red Giant
2014-08-17 18:13 - 2014-08-17 18:12 - 00000000 ____D () C:\ProgramData\Red Giant
2014-08-17 18:13 - 2014-08-17 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2014-08-17 18:13 - 2014-08-17 18:12 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link
2014-08-17 18:12 - 2014-08-17 18:12 - 00000000 ____D () C:\ProgramData\Sony
2014-08-17 18:12 - 2014-08-17 18:12 - 00000000 ____D () C:\Program Files\Red Giant
2014-08-17 18:12 - 2014-08-17 18:12 - 00000000 ____D () C:\Program Files (x86)\Red Giant
2014-08-17 18:12 - 2014-08-17 18:11 - 00000000 ____D () C:\ProgramData\RedGiant
2014-08-17 18:09 - 2014-08-17 18:09 - 00000000 ____D () C:\Users\Jake\Downloads\SSuite_Win_Full
2014-08-17 15:07 - 2014-08-17 15:05 - 191873237 _____ () C:\Users\Jake\Downloads\SSuite_Win_Full.zip
2014-08-17 13:53 - 2014-08-17 13:53 - 35484078 _____ () C:\Users\Jake\Downloads\fishingimage_1.mp4
2014-08-16 22:59 - 2014-08-16 22:59 - 00000037 _____ () C:\Users\Jake\Desktop\new textrttt.txt
2014-08-16 22:45 - 2011-07-07 21:14 - 00000000 ____D () C:\Users\Jake
2014-08-16 21:33 - 2011-07-07 21:19 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Adobe
2014-08-16 21:32 - 2014-08-16 21:32 - 18117306 _____ () C:\Users\Jake\Downloads\ON_THE_SKAGIT_RIVER_NEAR_CONCRETE,_DAN_DUDLEY_OF_BELLEVUE_PLAYS_A_19^_POUND_STEEL_HEAD_TROUT_AS_GUIDE_KERRY_DUVALL..._-_NARA_-_552324.tif
2014-08-16 20:34 - 2014-08-16 20:34 - 00000000 ____D () C:\ProgramData\Riot Games
2014-08-16 20:31 - 2014-08-16 20:31 - 00000000 ____D () C:\Riot Games
2014-08-16 20:30 - 2014-08-16 20:29 - 32229024 _____ (Riot Games) C:\Users\Jake\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-08-16 20:30 - 2013-07-09 13:20 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Riot Games
2014-08-16 14:11 - 2014-08-16 14:11 - 18324306 _____ () C:\Users\Jake\Downloads\FISHING_FOR_STEELHEAD_TROUT_ON_THE_SKAGIT_RIVER_NEAR_ROCKPORT._THE_SKAGIT_IS_ONE_OF_THE_FINEST_STEELHEAD_TROUT_RIVERS..._-_NARA_-_552325.tif
2014-08-16 14:01 - 2011-07-09 10:22 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-08-11 04:30 - 2014-08-11 04:13 - 00047752 _____ () C:\Users\Jake\Downloads\FY14 Timesheet_Biweekly - 100SRF.xlsx
2014-08-11 04:13 - 2014-08-11 04:13 - 00000165 ____H () C:\Users\Jake\Downloads\~$FY14 Timesheet_Biweekly - 100SRF.xlsx
2014-08-10 22:01 - 2014-08-10 22:01 - 00000293 _____ () C:\Users\Jake\Desktop\newww.txt
2014-08-09 15:24 - 2014-08-09 15:24 - 507287556 _____ () C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mpg
2014-08-09 15:24 - 2014-08-09 15:24 - 00005085 _____ () C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).xmp
2014-08-09 10:36 - 2014-08-09 10:35 - 69600946 _____ () C:\Users\Jake\Downloads\Morrow Bay Project_1.wav
2014-08-08 17:59 - 2014-08-08 17:42 - 00000000 ____D () C:\Users\Jake\Desktop\tom interview footage
2014-08-08 17:50 - 2014-08-08 17:49 - 00000000 ____D () C:\Users\Jake\Desktop\tom interview audio files
2014-08-07 22:36 - 2014-08-07 22:20 - 00000000 ____D () C:\Users\Jake\Desktop\New folder (4)
2014-08-07 22:18 - 2011-07-07 21:16 - 00113712 _____ () C:\Users\Jake\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-07 21:45 - 2014-08-07 21:34 - 459769856 _____ () C:\Users\Jake\Downloads\Aquaculture Morro Bay FINAL (1).mpg
2014-08-07 21:44 - 2014-08-07 21:35 - 400331133 _____ () C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mov
2014-08-07 15:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-07 14:34 - 2014-08-07 14:34 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC 2014.lnk
2014-08-07 14:34 - 2014-03-31 17:06 - 00000000 ____D () C:\Program Files\Adobe
2014-08-07 14:34 - 2014-03-31 17:05 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-07 14:12 - 2014-08-07 14:12 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2014.lnk
2014-08-07 14:12 - 2014-08-07 14:12 - 00000999 _____ () C:\Users\Public\Desktop\Adobe Muse CC 2014.lnk
2014-08-07 14:10 - 2014-08-07 14:10 - 00001263 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk
2014-08-07 14:01 - 2014-08-07 14:01 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-08-07 13:59 - 2014-08-07 13:59 - 00001028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2014-08-07 13:59 - 2011-05-18 19:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-07 13:42 - 2014-08-07 13:42 - 00002075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-08-07 13:42 - 2014-08-07 13:42 - 00002055 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2014-08-07 13:25 - 2014-08-07 13:25 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2014-08-07 12:36 - 2014-08-07 12:36 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-08-07 11:16 - 2014-08-07 11:16 - 00001483 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2014-08-07 10:45 - 2014-08-07 10:45 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2014.lnk
2014-08-07 10:36 - 2014-08-07 10:36 - 00001222 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2014-08-07 10:31 - 2014-03-31 16:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-06 19:06 - 2014-08-14 18:43 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-14 18:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 18:58 - 2014-08-06 18:58 - 00001401 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-08-06 18:58 - 2014-08-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-08-06 18:58 - 2014-08-06 18:58 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-08-06 18:57 - 2014-08-06 18:57 - 26771088 _____ () C:\Users\Jake\Downloads\SeaToolsforWindowsSetup.exe
2014-08-06 16:50 - 2014-08-06 16:50 - 00000000 ____D () C:\_OTL
2014-08-06 16:44 - 2012-01-23 14:01 - 00000000 ____D () C:\Users\Jake\AppData\Local\Conduit
2014-08-06 16:23 - 2014-08-06 16:23 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2014-08-06 15:52 - 2014-08-06 15:52 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-08-06 15:39 - 2014-08-06 15:39 - 00001313 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-08-06 15:39 - 2014-08-06 15:39 - 00001301 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-08-06 15:21 - 2014-04-07 14:59 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-08-05 15:20 - 2013-06-05 17:47 - 00000000 ____D () C:\Users\Jake\Desktop\all notes
 
Some content of TEMP:
====================
C:\Users\Jake\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqh1_.dll
C:\Users\Jake\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Jake\AppData\Local\Temp\sfareca00001.dll
C:\Users\Jake\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 11:28
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Jake at 2014-09-04 13:26:40
Running from C:\Users\Jake\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2d3 SteadyMove for Adobe Premiere Pro 2.0 (HKLM-x32\...\{B2C45229-65A0-4738-B9CB-C5A41634FBB1}) (Version: 1.20.8111 - 2d3 Ltd)
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe After Effects 7.0 (x32 Version: 7.0.0.244 - Adobe Systems, Inc.) Hidden
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Audition 2.0 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Audition 2.0 Loopology Content (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Bridge 1.0 (x32 Version: 1.0.1.1 - Adobe Systems) Hidden
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Common File Installer (x32 Version: 1.00.002 - Adobe System Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Encore DVD 2.0 (x32 Version: 2.0 - Adobe Systems, Inc.) Hidden
Adobe Encore DVD FC (x32 Version: 2.0 - Adobe Systems Inc.) Hidden
Adobe ExtendScript Toolkit 1.0 (x32 Version: 001.000.002 - Adobe Systems) Hidden
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM\...\{EC6FE191-AC85-4647-AE1E-8DE98D1E9737}) (Version: 2014.0.1.30 - Adobe Systems, Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Photoshop CS2 Functional Content (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0.3.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (x32 Version: 9.0.1 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro 2.0 (x32 Version: 2.000.000 - Adobe Systems, Inc.) Hidden
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro FC (x32 Version: 1.00.0000 - Adobe Systems) Hidden
Adobe Production Studio (HKLM-x32\...\{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}) (Version:  - )
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (x32 Version: 1.0.2 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Adobe Video Suite Extras (x32 Version: 1.00.0000 - Adobe Systems, Inc.) Hidden
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{574634E2-87F7-1DC7-082B-483C41E4989E}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AVS Image Converter 2.2.1.209 (HKLM-x32\...\AVS Image Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
BF3 Alpha Trial (HKLM-x32\...\{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}) (Version: 1.0.0.0 - Electronic Arts)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0412.2341.40734 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0412.2341.40734 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0412.2341.40734 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0412.2341.40734 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0412.2341.40734 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help English (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help French (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help German (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0412.2340.40734 - ATI) Hidden
ccc-utility64 (Version: 2011.0412.2341.40734 - ATI) Hidden
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Color Finesse (HKLM-x32\...\Color Finesse) (Version:  - Synthetic Aperture)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.2714 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.3.2714 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.3922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.0.3922 - CyberLink Corp.) Hidden
Cycore FX 1.0.1 for After Effects (HKLM-x32\...\Cycore FX 1.0.1 for After Effects) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar) (Version: 0.41.0 - ESN AB)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FlashGet 1.9.6.1073 (HKLM-x32\...\FlashGet) (Version: 1.9.6.1073 - http://www.FlashGet.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 39.0.2145.4 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP 3D DriveGuard (HKLM\...\{0128D231-B23B-409C-A531-39D8D8774BA1}) (Version: 4.1.5.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{7270C835-15DB-4236-B235-DD6B2EBBD4BA}) (Version: 2.0.0 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A82F706D-6456-4E76-A037-4A00C4F0259D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{ACAA0152-96A4-4D93-92F5-1B4728C3D984}) (Version: 11.15.0008 - HP)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6330.0 - IDT)
Intel Digital Logo (HKLM-x32\...\{0635AEC4-0E4E-4641-9CD0-07D98428EA5A}) (Version: 1.0.5 - Hewlett-Packard Company)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}) (Version: 1.0.0.0142 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0511 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{794E5C90-96E5-4413-B3F5-C803205AE30C}) (Version: 14.0.3000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{03703CBB-563D-45CE-8B35-CB04CAB258BE}) (Version: 2.1.38.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{37D0157F-45C6-4DB2-9AE5-489DD98CE169}) (Version: 11.1.2.31 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
Keylight 1.1v1 for After Effects 7.0 (HKLM-x32\...\Keylight 1.1v1 for After Effects_is1) (Version:  - The Foundry)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 8.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 8.0.1 (x86 en-US)) (Version: 8.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 7 (HKLM\...\{1179B5C1-663C-43EC-A97A-3942D5F6A7DE}) (Version: 7.0.2.8 - Nitro PDF Software)
Nitro Pro 9 (HKLM-x32\...\{06a2bb12-aa54-4fc8-8a80-785b545238ce}) (Version: 9.0.7.5 - Nitro)
Nitro Pro 9 (Version: 9.0.7.5 - Nitro) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.2.1.458 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5015 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5015 - CyberLink Corp.) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RawShooter essentials 2006 (HKLM-x32\...\RawShooter essentials 2006) (Version: 1.5.0 - Pixmantec)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.0.25 - Red Giant, LLC)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Replay Music (HKLM-x32\...\Replay Music4.40B) (Version: 4.40B - Applian Technologies Inc.)
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.5.2 - Rosetta Stone Ltd.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Shooter Suite v12.5.1 (HKLM-x32\...\{7DFC5E36-8CC9-4EC5-9C24-A3770A669E3F}_is1) (Version: 12.5.1 - Red Giant, LLC)
Similarity 1.6.2 (HKLM-x32\...\{8FADDF24-A5D5-484E-85E0-2061CAB5175B}) (Version: 1.6.2.1250 - GAR Software)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.1.4 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Toddler Keys (HKLM-x32\...\{7339E7E7-FB6A-46EC-8303-D31E655EF617}) (Version: 00.97.0000 - none)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.4 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01D445DA-820A-4F0E-A9FE-0BB8757B25D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core => C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24] (Google Inc.)
Task: {0E7B5B41-E61E-410F-ADEF-9CA502800F0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15] (Google Inc.)
Task: {38C9AFA8-686B-430B-8208-15D74E1429A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {4164BE1E-DB22-4435-8884-90612C8CB4EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {58E7686D-7041-49E4-9CFF-4D13CCA46E27} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {61017CBF-6D45-4A61-8E41-B15A9E1539AF} - System32\Tasks\{04D97E45-DF64-42E9-856A-8E4D13BB7941} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {7270C738-025D-4578-9F6E-966FC5C5C65D} - System32\Tasks\{28F416EE-677A-405F-AD28-C76CF13ED9D8} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {78572BBE-F10B-4366-8B62-D7E91A160935} - System32\Tasks\{3FF37F89-177E-4A6A-BE4D-DE975E73B1D5} => C:\Program Files (x86)\Adobe\Adobe Premiere Pro 2.0\Adobe Premiere Pro.exe [2005-11-17] ()
Task: {79FF71E5-21D5-4C2A-B334-54E8F3F68E6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-15] (Google Inc.)
Task: {7B89462B-6364-406F-8059-4AC57B1FC488} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA => C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-24] (Google Inc.)
Task: {80F19D1F-16E0-45DF-8803-F8DD05A994CC} - System32\Tasks\HPCeeScheduleForJake => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {959DD3FC-1488-480F-B8F1-D72950863ABA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-09] (Facebook Inc.)
Task: {9A566A26-7312-4582-BEBE-7E80DF5EEF0D} - System32\Tasks\AdobeAAMUpdater-1.0-Jake-HP-Jake => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {AEFFD5B8-A7E6-4F39-A494-C52DA8371C45} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-09] (Facebook Inc.)
Task: {BCDAB5C9-A296-4BE4-AE8E-73F61100D2F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BE7A06EF-09B2-4C11-9FDA-50747FACDA2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C695E39F-FA63-446C-8D82-903541785479} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2014-08-08] ()
Task: {C709D464-F417-4964-86E1-6F1DF968948A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {E6E78B97-21D4-4FBD-A005-9A72761AEF3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job => C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job => C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJake.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-02-04 15:42 - 2011-02-04 15:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-07-09 11:52 - 2011-07-09 12:46 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-07-09 11:52 - 2011-07-31 14:20 - 00215128 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2011-12-01 04:48 - 2011-11-25 04:59 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-12-20 09:10 - 2011-12-20 09:10 - 00123680 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2011-02-04 15:42 - 2011-02-04 15:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-03-25 18:28 - 2011-03-25 18:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-12 23:40 - 2011-04-12 23:40 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-11-01 15:26 - 2011-11-01 15:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 15:26 - 2011-11-01 15:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-15 23:40 - 2014-06-15 23:40 - 02124256 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 07422144 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 02453696 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00192704 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00794816 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-09-02 01:15 - 2014-09-02 01:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dd6fc22803179737778373cbf642f997\IsdiInterop.ni.dll
2011-05-18 19:39 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 06:45 - 2014-07-03 06:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-09-04 13:11 - 2014-09-04 13:11 - 00043008 _____ () c:\users\jake\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpviqh1_.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Jake\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-03 11:44 - 2014-08-29 19:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-03 11:44 - 2014-08-29 19:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-03 11:44 - 2014-08-29 19:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-03 11:44 - 2014-08-29 19:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-03 11:44 - 2014-08-29 19:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BBUpdate => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jake^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: googletalk => C:\Users\Jake\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/04/2014 11:57:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3916
 
Error: (09/04/2014 11:57:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3916
 
Error: (09/04/2014 11:57:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/04/2014 11:57:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error: (09/04/2014 11:57:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
 
Error: (09/04/2014 11:57:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/04/2014 11:53:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (09/04/2014 11:52:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/04/2014 10:51:50 AM) (Source: Google Update) (EventID: 20) (User: Jake-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (09/04/2014 08:12:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4056
 
 
System errors:
=============
Error: (09/04/2014 01:05:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.
 
Error: (09/04/2014 07:56:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/04/2014 07:54:41 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:23:51 PM on ‎9/‎3/‎2014 was unexpected.
 
Error: (09/03/2014 01:33:25 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (09/02/2014 06:23:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/02/2014 06:21:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:51:49 PM on ‎9/‎2/‎2014 was unexpected.
 
Error: (09/02/2014 03:48:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/02/2014 03:47:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:45:09 PM on ‎9/‎2/‎2014 was unexpected.
 
Error: (09/02/2014 02:43:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/02/2014 02:42:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Audio Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (10/15/2013 01:24:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1961470 seconds with 101880 seconds of active time.  This session ended with a crash.
 
Error: (09/22/2013 08:33:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 167705 seconds with 29160 seconds of active time.  This session ended with a crash.
 
Error: (09/20/2013 09:57:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 212053 seconds with 58560 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 6091.86 MB
Available physical RAM: 3550.88 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 9004.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:680.98 GB) (Free:58.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.36 GB) (Free:0.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive g: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:1593.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: D5226363)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.4 GB) - (Type=07 NTFS)
Partition 4aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-04 13:30:39
-----------------------------
13:30:39.635    OS Version: Windows x64 6.1.7601 Service Pack 1
13:30:39.635    Number of processors: 4 586 0x2A07
13:30:39.635    ComputerName: JAKE-HP  UserName: Jake
13:30:41.545    Initialize success
13:30:41.577    VM: initialized successfully
13:30:41.595    VM: Intel CPU BiosDisabled 
13:31:08.977    VM: supported disk I/O iaStor.sys
13:34:13.476    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:34:13.478    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
13:34:13.567    Disk 0 MBR read successfully
13:34:13.569    Disk 0 MBR scan
13:34:13.571    Disk 0 Windows 7 default MBR code
13:34:13.573    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
13:34:13.576    Disk 0 default boot code
13:34:13.584    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       697321 MB offset 409600
13:34:13.614    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17780 MB offset 1428523008
13:34:13.633    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1464936448
13:34:13.675    Disk 0 scanning C:\Windows\system32\drivers
13:34:19.086    Service scanning
13:34:31.082    Modules scanning
13:34:31.086    Disk 0 trace - called modules:
13:34:31.089    
13:34:31.092    Scan finished successfully
13:34:50.806    Disk 0 MBR has been saved successfully to "C:\Users\Jake\Desktop\MBR.dat"
13:34:50.810    The log file has been saved successfully to "C:\Users\Jake\Desktop\aswMBR.txt"
 
 
 
: (Not Active) - (Size=103 MB) - (Type=0C)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End Of Log ============================
 
I believe those are the only two security scanners I have, though I have mbam.
 
I discovered pando media booster was for a game I played on my computer.  I uninstalled it (dont need to be playing games haha) and do not need it anymore.
 
Things you might need to know:
1.) my pc tried to install windows updates several days ago, and some of them failed
2.) when I try to shut down my pc, a window pops up informing me that a background program will not close, I can force restart, or wait and it goes away and pc shuts down.
3.) whenever chrome is open it seems to slow down teh entire system.  After I close chrome, chrome.exe instances in the process taskmanager are still open and I need to end them.  I reinstalled chrome yesterday.
4.)  I really appreciate all your help :)
 

 


  • 0

#14
jp550

jp550

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts

Hey so pc bluescreened immediately after posting the previous reply.  This has (rarely) happened in the past before, but not in recent memory.  I believe the error said somethign along the lines of "alteration to computer code detected"


  • 0

#15
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

jp550,
 
I see that there is some work to do here, so let's get at it!
 
First>>>>
 
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

FlashGet 1.9.6.1073
Kaspersky Security Scan
McAfee Security Scan Plus
Pando Media Booster

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.  

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

If you are wondering why these programs -
FlashGet has a major seurity hole in the design of the program (http://en.wikipedia.org/wiki/FlashGet)
Kaspersky and McAfee are not needed as you do have Microsoft Security Essentials active and running along with MalwareBytes AntiMalware.


Second>>>>

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
HKU\S-1-5-21-3483972190-2618797804-1834993699-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
C:\Program Files (x86)\FlashGet\getflash.dll
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: FoxyProxy Standard - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\Extensions\[email protected] [2014-09-02]
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\Extensions\[email protected]
CHR HomePage: Default -> DC9302E92ADEB91EDC640F13521281BD2EF4BC4AE134927BFE298C32D6B4E9D0
CHR DefaultSearchKeyword: Default -> C301DC417E3F3F7FE664BAF5C604F2D6A1F09A7092233A9D60E90A9F20634E39
CHR DefaultSearchProvider: Default -> 80E3113AA80921AC10B1AEEE386C0585ECE3D25E291C137B879596ACD06A83FF
CHR DefaultSearchURL: Default -> 44647575B63D70711C364D4F0B4B09BA85F1F2963284D69B79C2B5B5E1008FD8
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Extension: (Google Search) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-03]
C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S3 PNRPAutoReg; %SystemRoot%\system32\pnrpauto.dll [X]
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {61017CBF-6D45-4A61-8E41-B15A9E1539AF} - System32\Tasks\{04D97E45-DF64-42E9-856A-8E4D13BB7941} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {7270C738-025D-4578-9F6E-966FC5C5C65D} - System32\Tasks\{28F416EE-677A-405F-AD28-C76CF13ED9D8} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {959DD3FC-1488-480F-B8F1-D72950863ABA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-09] (Facebook Inc.)
C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {AEFFD5B8-A7E6-4F39-A494-C52DA8371C45} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-09] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
EmptyTemp:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Third>>>>

I know you already did this once but there are two programs that should now be visible that were not visible on the list before.

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

bl (x32 Version: 1.0.0 - Your Company Name)
ph (x32 Version: 1.0.0 - Your Company Name)

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


Fourth>>>

We need to get a fresh FRST scan log to verify the Fix list did what we wanted and nothing 'hidden' snuck in.


  • Right click on the FRST64 file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

Fifth>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.


  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


<<< Things for your next reply >>>

  • How did the uninstalls go? Were there any that did not remove the programs but just wanted to remove from the list?
  • The Fixlog.txt log text.
  • The new FRST.txt log text.
  • The AdwCleaner[R#].txt log text.
  • How is your system running now?

 


  • 0






Similar Topics


Also tagged with one or more of these keywords: sweetpacks, fake java

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP