Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Popups and redirects on Win7 Firefox


  • This topic is locked This topic is locked

#1
Vic from NJ

Vic from NJ

    Member

  • Member
  • PipPip
  • 19 posts

Norton full scan reported some repairs

NOSCRIPT 2.6.9.1 active

normal operaion of Office apps and Outlook

 

OTL logfile created on: 10/15/2014 11:34:24 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lido\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.11% Memory free
7.60 Gb Paging File | 5.12 Gb Available in Paging File | 67.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.70 Gb Total Space | 274.78 Gb Free Space | 60.70% Space Free | Partition Type: NTFS
Drive E: | 931.48 Gb Total Space | 303.00 Gb Free Space | 32.53% Space Free | Partition Type: NTFS
 
Computer Name: LIDO-PC | User Name: Lido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/15 11:33:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lido\Downloads\OTL(1).exe
PRC - [2014/09/25 14:31:57 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/09/02 08:45:29 | 001,868,976 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
PRC - [2014/08/01 13:33:51 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
PRC - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/07/22 15:15:46 | 005,562,736 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014/07/22 15:13:52 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/06/16 16:02:24 | 000,579,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2014/06/16 15:59:40 | 001,537,536 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2014/06/12 07:58:07 | 001,465,616 | ---- | M] (SanDisk Corporation) -- C:\Users\Lido\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2014/04/01 14:38:18 | 002,007,392 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2014/03/26 18:41:12 | 001,723,760 | ---- | M] (NDS Technologies) -- C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2014/03/26 18:41:08 | 001,523,560 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/06/06 16:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/02 16:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/02/24 04:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/05/05 16:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/25 14:31:57 | 003,715,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/09/11 17:19:20 | 007,668,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3c777eb7042798554bcf10134595273e\System.Xml.ni.dll
MOD - [2014/09/11 17:19:18 | 000,794,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\08fbe280b07b0401b857454aef95ea81\System.ServiceModel.Internals.ni.dll
MOD - [2014/09/11 17:19:18 | 000,122,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\003f540cf55cae8805bb30d8b240ec86\SMDiagnostics.ni.dll
MOD - [2014/09/11 17:19:17 | 002,822,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\c2d1735e9f72e974cd34063a714a309f\System.Runtime.Serialization.ni.dll
MOD - [2014/09/11 17:19:13 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5ee6a5fbbf59e1c3ca14631ff12dd6ec\System.Configuration.ni.dll
MOD - [2014/09/11 17:19:11 | 010,061,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\9b943fcb3af2101cfb3467161c6ac0ed\System.ni.dll
MOD - [2014/09/02 08:45:29 | 017,048,240 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
MOD - [2014/07/31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/01 14:37:56 | 000,371,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
MOD - [2014/03/26 18:42:08 | 000,091,976 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\z.dll
MOD - [2014/03/26 18:42:00 | 000,338,784 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2014/03/26 18:41:58 | 001,403,224 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2014/03/26 18:41:48 | 000,043,880 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
MOD - [2014/03/26 18:41:46 | 000,689,000 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2014/03/26 18:41:44 | 000,060,272 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
MOD - [2014/03/26 18:41:36 | 000,205,672 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
MOD - [2014/03/26 18:41:24 | 007,730,016 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2014/03/26 18:41:10 | 005,979,488 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServer.dll
MOD - [2014/03/26 18:41:08 | 001,523,560 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2014/03/26 18:41:02 | 003,261,280 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2014/03/26 18:41:02 | 002,229,096 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\DiscoveryManager.dll
MOD - [2014/02/26 12:53:23 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/27 11:14:00 | 001,008,344 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/08/08 22:36:10 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/04/06 17:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/23 19:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 19:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/09/25 14:31:57 | 000,114,288 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/09/02 08:45:30 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/01 13:33:51 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe -- (N360)
SRV - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/07/22 15:13:52 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 21:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/28 11:40:08 | 000,101,376 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/11/29 00:00:41 | 000,132,056 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/23 22:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/08/24 17:56:04 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/23 01:13:11 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/07/23 01:13:10 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/07/23 00:50:26 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/06/03 08:15:10 | 000,165,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2014/06/03 08:15:07 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2014/06/03 08:15:07 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2014/06/03 08:15:07 | 000,184,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2014/06/03 08:15:07 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2014/06/03 08:15:07 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2013/12/02 19:22:00 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 22:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 22:47:43 | 000,078,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 21:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/08/20 07:32:48 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2013/08/20 07:32:46 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2013/06/02 05:56:58 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2013/02/28 21:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/05 23:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/04 07:19:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 20:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 14:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 15:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/12 17:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 12:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/06 18:41:42 | 000,235,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CxPlrCap.sys -- (CXPLRCAP)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 14:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2014/10/03 15:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/09 10:19:54 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/09/09 10:19:54 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/29 14:31:43 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141014.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/08/21 16:28:27 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141014.009\ex64.sys -- (NAVEX15)
DRV - [2014/08/21 16:28:26 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141014.009\eng64.sys -- (NAVENG)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0225C32A-3BEF-4466-B270-EA8806138865}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}
IE - HKCU\..\SearchScopes\{0225C32A-3BEF-4466-B270-EA8806138865}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{212D1EE6-E1B8-419A-8C84-EA046D4D3FFA}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://search.condui...1501405022&UM=2
IE - HKCU\..\SearchScopes\{A867B985-CC43-404D-B808-9D3466AE3ACB}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{BFDA9747-DAE3-4C18-9D77-C3A203BA56B5}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}: "URL" = http://astromenda.co...=1715490871&ir=
IE - HKCU\..\SearchScopes\0D110202C5D0481BB698C74B24C2428C: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Astromenda"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Astromenda"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://groups.google...oup/oceanaires"
FF - prefs.js..extensions.enabledAddons: %7BFCAB6FDD-5585-425b-95C1-5ED856F3FD08%7D:6.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:6.1.2
FF - prefs.js..extensions.enabledAddons: %7Bfef7f75c-f985-4250-96f9-8183cd04238b%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lido\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lido\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Lido\Desktop\Voice\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/10/15 08:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/02 18:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/02 18:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/01/27 15:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Extensions
[2014/10/14 14:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions
[2014/09/07 15:23:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/31 14:46:24 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube Full HD Download") -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\[email protected]
[2014/10/14 14:28:46 | 000,542,669 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/10 17:30:22 | 000,280,941 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2014/08/20 10:31:22 | 000,008,654 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{fef7f75c-f985-4250-96f9-8183cd04238b}.xpi
[2014/08/19 17:40:52 | 000,002,827 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\Astromenda.xml
[2013/07/01 16:49:15 | 000,001,793 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\Bing.xml
[2013/04/23 09:24:58 | 000,001,110 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
[2014/07/24 13:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/25 14:31:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_2\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\
 
O1 HOSTS File: ([2012/06/18 09:10:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (SunriseBrowse) - {b110ca24-17f3-4555-b0d2-672ab034adf9} - C:\Program Files (x86)\SunriseBrowse\SunriseBrowseBHO.dll (SunriseBrowse)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [PCShowServer] C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_179_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{489208A3-43DB-4783-BF18-0C187AED2C3E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/08 14:00:39 | 000,000,000 | ---D | C] -- C:\Financial
[2014/09/30 11:52:45 | 000,000,000 | ---D | C] -- C:\Users\Lido\Desktop\IndexC
[2014/09/28 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Local\Astromenda
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Lido\*.tmp files -> C:\Users\Lido\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/15 11:40:00 | 000,000,288 | ---- | M] () -- C:\windows\tasks\UpdaterEX.job
[2014/10/15 11:35:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/15 11:11:31 | 000,786,514 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/15 11:11:31 | 000,665,554 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/15 11:11:31 | 000,123,330 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/15 11:10:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job
[2014/10/15 11:04:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/10/15 10:41:11 | 000,000,288 | ---- | M] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/15 10:41:10 | 000,000,116 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\WB.CFG
[2014/10/15 09:35:02 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/15 09:01:52 | 000,019,248 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/15 09:01:52 | 000,019,248 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/15 08:54:37 | 000,008,192 | ---- | M] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/10/15 08:52:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/15 08:51:35 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/14 15:10:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Lido\*.tmp files -> C:\Users\Lido\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/23 14:34:54 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/08/25 09:41:01 | 000,000,116 | ---- | C] () -- C:\Users\Lido\AppData\Roaming\WB.CFG
[2014/08/01 11:48:00 | 000,055,922 | ---- | C] () -- C:\Users\Lido\P7300586.JPG
[2014/08/01 11:48:00 | 000,054,710 | ---- | C] () -- C:\Users\Lido\P7300588.JPG
[2014/08/01 11:48:00 | 000,048,198 | ---- | C] () -- C:\Users\Lido\P7300587.JPG
[2014/08/01 11:47:00 | 000,054,661 | ---- | C] () -- C:\Users\Lido\P7300585.JPG
[2014/07/01 08:56:50 | 000,000,204 | ---- | C] () -- C:\Users\Lido\AppData\Local\singandsee.ini
[2014/06/26 15:07:59 | 003,574,576 | ---- | C] () -- C:\Users\Lido\FaithQuartet.pdf
[2014/04/18 14:15:31 | 000,001,471 | ---- | C] () -- C:\Users\Lido\AppData\Local\recently-used.xbel
[2014/03/17 18:24:35 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\ThumbExtract.dll
[2014/03/17 18:24:34 | 000,372,736 | ---- | C] () -- C:\windows\SysWow64\GTTunerCard.dll
[2014/03/17 18:24:34 | 000,175,104 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2014/02/03 19:02:50 | 000,000,232 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2014/02/03 19:02:50 | 000,000,092 | ---- | C] () -- C:\windows\brpcfx.ini
[2014/02/03 19:02:12 | 000,026,119 | ---- | C] () -- C:\windows\BRRBCOM.INI
[2014/02/03 18:51:14 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2014/01/24 10:43:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/01/24 10:43:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/01/24 10:43:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/01/24 10:43:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/01/24 10:43:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/12/02 18:29:59 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2013/08/20 07:32:46 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2013/08/20 07:32:34 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2013/08/14 07:05:52 | 000,000,258 | RHS- | C] () -- C:\Users\Lido\ntuser.pol
[2013/02/28 21:47:36 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2012/08/13 14:55:32 | 000,001,055 | ---- | C] () -- C:\Users\Lido\Music - Shortcut.lnk
[2012/01/20 14:12:27 | 000,007,605 | ---- | C] () -- C:\Users\Lido\AppData\Local\Resmon.ResmonCfg
[2011/11/13 08:55:25 | 000,044,074 | ---- | C] () -- C:\Users\Lido\AirForce.JPG
[2011/11/13 08:53:56 | 000,035,052 | ---- | C] () -- C:\Users\Lido\CoastGuard.jpg
[2011/11/13 08:51:54 | 001,696,055 | ---- | C] () -- C:\Users\Lido\US Coast Guard - Marching Song.mp4
[2011/11/10 17:01:06 | 001,547,413 | ---- | C] () -- C:\Users\Lido\US Air Force Song - _Off We Go_..flv
[2011/11/10 16:59:33 | 001,429,265 | ---- | C] () -- C:\Users\Lido\US Coast Guard - Marching Song.flv
[2011/09/14 09:30:47 | 000,158,236 | ---- | C] () -- C:\Users\Lido\DowJones.pdf
[2011/08/04 18:53:45 | 001,110,476 | ---- | C] () -- C:\Program Files (x86)\7-Zip.exe
[2011/06/27 20:58:48 | 000,015,360 | ---- | C] () -- C:\Users\Lido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 19:24:18 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/07/24 05:26:22 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\052551
[2013/12/13 17:53:55 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Amazon
[2014/01/02 15:03:14 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Apowersoft
[2014/08/19 17:40:44 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Astromenda
[2014/06/03 08:41:09 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Audacity
[2011/12/17 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Avery
[2012/07/13 14:23:09 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Blackboard
[2011/06/25 05:55:58 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Book Place
[2012/07/13 13:14:29 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Collaborate
[2014/07/15 09:19:42 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\ControlCenter4
[2014/09/10 13:45:12 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\DIRECTV
[2014/01/06 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\DiskAid
[2011/07/11 19:24:08 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\DriverFinder
[2013/07/10 06:57:05 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Dropbox
[2014/01/13 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\EDIMAX IP Camera Viewer
[2013/07/13 08:12:25 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\EurekaLog
[2014/10/14 14:22:06 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\FLV and Media Player
[2014/08/27 10:55:20 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\HandBrake
[2011/10/28 13:55:04 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\ID Vault
[2012/06/10 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\JAM Software
[2011/07/24 06:19:33 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\KompoZer
[2012/07/17 09:33:13 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\MakeMusic
[2014/02/11 17:47:41 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Nuance
[2014/04/08 18:13:12 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\PC-FAX TX
[2014/01/17 12:18:12 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Philipp Winterberg
[2014/03/14 08:45:01 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Quicken WillMaker
[2014/09/10 11:22:08 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Replay Media Catcher 5
[2011/07/22 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\SanDisk
[2011/06/19 14:52:30 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Tific
[2011/06/26 19:58:53 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Toshiba
[2014/08/19 17:39:55 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\UpdaterEX
[2013/07/10 06:56:19 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\uTorrent
[2011/06/19 13:51:01 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\WinBatch
[2014/01/13 14:22:39 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Windows Live Writer
[2014/03/07 14:50:39 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Wondershare
[2014/08/19 17:40:58 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\WSE_Astromenda
[2014/02/09 18:38:34 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\WTouch
[2012/06/11 16:21:04 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Yamb
[2014/03/10 15:52:55 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
 

thanks..


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

On the first time you ran it OTL creates 2 log reports. The one I need is called Extras .txt do you have that log? If so post it, If not I would like you to re-run OTL once more so we can re create the log, before you run the scan I need you to do this--> under the Extra Registry section please put a check mark in "All" then hit Runscan, when OTL is done scanning 2 logs will be generated, the first log will pop up in front of you, the second log will be mimized to the task bar down by the clock area, called Extras .txt please post that log. Don't need to post the first one as we already have that one.




[2014/01/24 10:43:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/01/24 10:43:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/01/24 10:43:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/01/24 10:43:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/01/24 10:43:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe


That's combofix above. Ran on 1/24 /2014. Do you have the log file for that? It gets saved to the computer at C:\ComboFix.txt and who was helping you with that ?

In your next reply post:
  • Extra's.txt
  • Combofix .txt
Thanks
Joe :)
  • 0

#3
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,689 posts

Re-opened at Vic from NJ's request


  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hello Vic from NJ,

Please delete your copy of OTL on the desktop and re-download it according to the instructions below: Everything that I ask you to download, please download to the desktop, don't run tools from the downloads folder.

Please download OTL to your Desktop
  • Double click on the OTLicon.jpg to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.
  • 0

#6
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

OK here are OTL .txt and Extras.txt    thank you,

---------------------------------------------------------------

OTL logfile created on: 10/23/2014 8:00:08 AM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lido\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.53% Memory free
7.60 Gb Paging File | 5.29 Gb Available in Paging File | 69.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.70 Gb Total Space | 271.94 Gb Free Space | 60.07% Space Free | Partition Type: NTFS
Drive E: | 931.48 Gb Total Space | 298.85 Gb Free Space | 32.08% Space Free | Partition Type: NTFS
 
Computer Name: LIDO-PC | User Name: Lido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/23 07:52:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lido\Desktop\OTL.exe
PRC - [2014/10/02 16:14:56 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/07/22 15:15:46 | 005,562,736 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014/07/22 15:13:52 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/06/16 16:02:24 | 000,579,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2014/06/16 15:59:40 | 001,537,536 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2014/06/12 07:58:07 | 001,465,616 | ---- | M] (SanDisk Corporation) -- C:\Users\Lido\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2014/04/01 14:38:18 | 002,007,392 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2014/03/26 18:41:12 | 001,723,760 | ---- | M] (NDS Technologies) -- C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2014/03/26 18:41:08 | 001,523,560 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/02/24 00:00:34 | 000,127,384 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\PCCU.exe
PRC - [2012/11/29 00:00:21 | 000,453,944 | ---- | M] (Khrona LLC) -- C:\Program Files (x86)\PC Checkup\AwesomiumProcess
PRC - [2012/06/06 16:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/02 16:49:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/02/24 04:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/05/05 16:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/16 11:24:14 | 000,399,872 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/10/15 17:13:56 | 018,813,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/15 17:13:44 | 011,025,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/15 17:13:37 | 001,870,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\db9cd60ed9ff9585b54d446f37392e8f\System.Web.Services.ni.dll
MOD - [2014/10/15 17:13:34 | 007,409,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014/10/15 17:13:34 | 000,241,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\6c97a46aff5154a7217a528e86698ab3\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/10/15 17:13:33 | 001,889,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/15 17:13:32 | 003,950,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/15 17:13:29 | 000,470,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014/10/15 17:13:27 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 17:13:27 | 001,046,016 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\cc7bb025e7cca401787cec5893c2cb67\System.ComponentModel.Composition.ni.dll
MOD - [2014/10/15 17:13:23 | 007,668,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 17:13:23 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 17:13:21 | 000,794,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/15 17:13:21 | 000,122,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/15 17:13:20 | 002,822,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/15 17:13:17 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 17:13:16 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 17:13:15 | 010,100,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/07/31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/01 14:37:56 | 000,371,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
MOD - [2014/03/26 18:42:08 | 000,091,976 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\z.dll
MOD - [2014/03/26 18:42:00 | 000,338,784 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2014/03/26 18:41:58 | 001,403,224 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2014/03/26 18:41:48 | 000,043,880 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
MOD - [2014/03/26 18:41:46 | 000,689,000 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2014/03/26 18:41:44 | 000,060,272 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
MOD - [2014/03/26 18:41:36 | 000,205,672 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
MOD - [2014/03/26 18:41:24 | 007,730,016 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2014/03/26 18:41:10 | 005,979,488 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServer.dll
MOD - [2014/03/26 18:41:08 | 001,523,560 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2014/03/26 18:41:02 | 003,261,280 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2014/03/26 18:41:02 | 002,229,096 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\DiscoveryManager.dll
MOD - [2014/02/28 11:18:37 | 000,190,976 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/26 12:53:23 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/27 11:14:00 | 001,008,344 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/08/08 22:36:10 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/04/06 17:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/23 19:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 19:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/10/02 16:14:56 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/25 14:31:57 | 000,114,288 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/09/02 08:45:30 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/07/22 15:13:52 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 21:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/28 11:40:08 | 000,101,376 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/11/29 00:00:41 | 000,132,056 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/23 22:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/08/24 17:56:04 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/25 22:26:58 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/08/25 22:26:57 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/08/25 22:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 22:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 15:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/06/03 08:15:10 | 000,165,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2014/06/03 08:15:07 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2014/06/03 08:15:07 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2014/06/03 08:15:07 | 000,184,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2014/06/03 08:15:07 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2014/06/03 08:15:07 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2013/12/02 19:22:00 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 22:47:43 | 000,078,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/08/20 07:32:48 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2013/08/20 07:32:46 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2013/06/02 05:56:58 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2013/02/28 21:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/05 23:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/04 07:19:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 20:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 14:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 15:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/12 17:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 12:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/06 18:41:42 | 000,235,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CxPlrCap.sys -- (CXPLRCAP)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 14:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2014/10/03 15:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/09 10:19:54 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/09/09 10:19:54 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/29 14:31:43 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141022.002\IDSviA64.sys -- (IDSVia64)
DRV - [2014/08/21 16:28:27 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141022.017\ex64.sys -- (NAVEX15)
DRV - [2014/08/21 16:28:26 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141022.017\eng64.sys -- (NAVENG)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0225C32A-3BEF-4466-B270-EA8806138865}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes,DefaultScope = {E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes\{0225C32A-3BEF-4466-B270-EA8806138865}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes\{212D1EE6-E1B8-419A-8C84-EA046D4D3FFA}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://search.condui...1501405022&UM=2
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes\{A867B985-CC43-404D-B808-9D3466AE3ACB}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes\{BFDA9747-DAE3-4C18-9D77-C3A203BA56B5}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes\{E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}: "URL" = http://astromenda.co...=1715490871&ir=
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes\0D110202C5D0481BB698C74B24C2428C: "URL" = http://search.condui...q={searchTerms}
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Astromenda"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Astromenda"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://groups.google...oup/oceanaires"
FF - prefs.js..extensions.enabledAddons: %7BFCAB6FDD-5585-425b-95C1-5ED856F3FD08%7D:6.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:6.1.2
FF - prefs.js..extensions.enabledAddons: %7Bfef7f75c-f985-4250-96f9-8183cd04238b%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Lido\Desktop\Voice\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/10/17 13:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/02 18:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/02 18:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/01/27 15:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Extensions
[2014/10/20 11:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions
[2014/09/07 15:23:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/31 14:46:24 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube Full HD Download") -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\[email protected]
[2014/10/20 11:45:50 | 000,542,741 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/10 17:30:22 | 000,280,941 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2014/08/20 10:31:22 | 000,008,654 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{fef7f75c-f985-4250-96f9-8183cd04238b}.xpi
[2014/08/19 17:40:52 | 000,002,827 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\Astromenda.xml
[2013/07/01 16:49:15 | 000,001,793 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\Bing.xml
[2013/04/23 09:24:58 | 000,001,110 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
[2014/07/24 13:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/25 14:31:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_2\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\
 
O1 HOSTS File: ([2012/06/18 09:10:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-1135327352-3689979529-191883833-1001..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-1135327352-3689979529-191883833-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1135327352-3689979529-191883833-1001..\Run: [PCShowServer] C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKU\S-1-5-21-1135327352-3689979529-191883833-1001..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_179_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{489208A3-43DB-4783-BF18-0C187AED2C3E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/23 07:52:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lido\Desktop\OTL.exe
[2014/10/16 10:38:18 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Local\Citrix
[2014/10/15 09:25:33 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/10/15 09:25:33 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/10/15 09:25:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/10/15 09:25:33 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/10/15 09:25:32 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/10/15 09:25:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/10/15 09:25:32 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/10/15 09:25:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/10/15 09:25:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/10/15 09:25:31 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/10/15 09:25:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/10/15 09:25:30 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/10/15 09:25:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/10/15 09:25:29 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/10/15 09:25:29 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/10/15 09:25:29 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/10/15 09:25:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/10/15 09:25:28 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/10/15 09:25:28 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/10/15 09:25:28 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/10/15 09:25:27 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/10/15 09:25:27 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/10/15 09:25:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/10/15 09:25:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/10/15 09:25:26 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/10/15 09:25:26 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/10/15 09:25:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/10/15 09:25:25 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/10/15 09:25:25 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/10/15 09:25:25 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/10/15 09:25:25 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/10/15 09:25:25 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/10/15 09:25:24 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/10/15 09:25:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/10/15 09:25:23 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/10/15 09:23:31 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll
[2014/10/15 09:23:31 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscorier.dll
[2014/10/15 09:23:31 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscorier.dll
[2014/10/15 09:23:30 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll
[2014/10/15 09:23:30 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscories.dll
[2014/10/15 09:23:30 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscories.dll
[2014/10/15 09:23:13 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drmv2clt.dll
[2014/10/15 09:23:13 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drmv2clt.dll
[2014/10/15 09:23:13 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\blackbox.dll
[2014/10/15 09:23:13 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\blackbox.dll
[2014/10/15 09:23:11 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2014/10/15 09:23:09 | 004,120,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mf.dll
[2014/10/15 09:23:08 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmdrmsdk.dll
[2014/10/15 09:23:07 | 011,411,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2014/10/15 09:23:07 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmdrmsdk.dll
[2014/10/15 09:23:07 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AUDIOKSE.dll
[2014/10/15 09:23:06 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mf.dll
[2014/10/15 09:23:06 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drmmgrtn.dll
[2014/10/15 09:23:05 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2014/10/15 09:23:05 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2014/10/15 09:23:05 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2014/10/15 09:23:05 | 000,616,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2014/10/15 09:23:05 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2014/10/15 09:23:05 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll
[2014/10/15 09:23:05 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AUDIOKSE.dll
[2014/10/15 09:23:05 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2014/10/15 09:23:05 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drmmgrtn.dll
[2014/10/15 09:23:05 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2014/10/15 09:23:04 | 005,551,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/10/15 09:23:04 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2014/10/15 09:23:04 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\evr.dll
[2014/10/15 09:23:03 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2014/10/15 09:23:03 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2014/10/15 09:23:03 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptui.dll
[2014/10/15 09:23:03 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2014/10/15 09:23:03 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDump.dll
[2014/10/15 09:23:02 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2014/10/15 09:23:02 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptui.dll
[2014/10/15 09:23:02 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2014/10/15 09:23:02 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\evr.dll
[2014/10/15 09:23:02 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfplat.dll
[2014/10/15 09:23:02 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfplat.dll
[2014/10/15 09:23:01 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscp.dll
[2014/10/15 09:23:01 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscp.dll
[2014/10/15 09:23:01 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msnetobj.dll
[2014/10/15 09:23:01 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rstrui.exe
[2014/10/15 09:23:01 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe
[2014/10/15 09:23:01 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptsp.dll
[2014/10/15 09:23:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appidapi.dll
[2014/10/15 09:23:00 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msnetobj.dll
[2014/10/15 09:23:00 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfps.dll
[2014/10/15 09:23:00 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfps.dll
[2014/10/15 09:23:00 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rrinstaller.exe
[2014/10/15 09:23:00 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\appidapi.dll
[2014/10/15 09:23:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rrinstaller.exe
[2014/10/15 09:22:59 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appidpolicyconverter.exe
[2014/10/15 09:22:59 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setbcdlocale.dll
[2014/10/15 09:22:59 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srclient.dll
[2014/10/15 09:22:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfpmp.exe
[2014/10/15 09:22:59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfpmp.exe
[2014/10/15 09:22:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appidcertstorecheck.exe
[2014/10/15 09:22:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\spwmp.dll
[2014/10/15 09:22:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\spwmp.dll
[2014/10/15 09:22:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdxm.ocx
[2014/10/15 09:22:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxmasf.dll
[2014/10/15 09:22:55 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dxmasf.dll
[2014/10/15 09:22:54 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2014/10/15 09:22:54 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2014/10/15 09:22:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msdxm.ocx
[2014/10/15 09:22:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mferror.dll
[2014/10/15 09:22:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mferror.dll
[2014/10/15 09:22:02 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/10/15 09:22:02 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/10/15 09:22:02 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2014/10/15 09:17:28 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/10/15 09:17:09 | 001,050,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2014/10/15 09:17:09 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2014/10/15 09:17:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2014/10/15 09:17:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2014/10/15 09:17:08 | 005,780,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2014/10/15 09:17:08 | 004,922,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2014/10/15 09:17:08 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2014/10/15 09:17:08 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2014/10/15 09:17:07 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2014/10/15 09:16:47 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rastls.dll
[2014/10/15 09:16:47 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rastls.dll
[2014/10/15 09:16:35 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/10/15 09:16:35 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsta.dll
[2014/10/15 09:16:35 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2014/10/15 09:15:35 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2014/10/15 09:15:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2014/10/08 14:00:39 | 000,000,000 | ---D | C] -- C:\Financial
[2014/10/01 09:33:04 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2014/10/01 09:33:04 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2014/09/30 11:52:45 | 000,000,000 | ---D | C] -- C:\Users\Lido\Desktop\IndexC
[2014/09/28 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Local\Astromenda
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Lido\*.tmp files -> C:\Users\Lido\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/23 08:04:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/10/23 07:52:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lido\Desktop\OTL.exe
[2014/10/23 07:41:02 | 000,000,288 | ---- | M] () -- C:\windows\tasks\WSE_Astromenda.job
[2014/10/23 07:41:02 | 000,000,120 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\WB.CFG
[2014/10/23 07:41:00 | 000,000,288 | ---- | M] () -- C:\windows\tasks\UpdaterEX.job
[2014/10/23 07:27:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/23 07:26:01 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job
[2014/10/23 07:10:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/22 17:13:25 | 000,001,595 | ---- | M] () -- C:\Users\Lido\Desktop\GEEKS.lnk
[2014/10/22 15:27:00 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/22 14:34:48 | 000,786,578 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/22 14:34:48 | 000,665,554 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/22 14:34:48 | 000,123,330 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/21 09:26:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job
[2014/10/17 13:19:37 | 000,019,248 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/17 13:19:37 | 000,019,248 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/17 12:57:07 | 000,008,192 | ---- | M] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/10/17 12:54:22 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/16 09:09:26 | 000,002,411 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/10/16 09:08:57 | 000,440,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/16 09:05:53 | 003,075,180 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2014/10/16 09:05:01 | 000,048,844 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\VT20141014.006
[2014/10/09 22:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2014/10/09 22:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/10/09 22:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/10/02 16:14:26 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\isolate.ini
[2014/09/25 18:46:19 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/09/25 18:32:04 | 002,017,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/09/25 18:31:02 | 002,108,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/09/24 22:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2014/09/24 21:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Lido\*.tmp files -> C:\Users\Lido\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/22 17:09:02 | 000,001,595 | ---- | C] () -- C:\Users\Lido\Desktop\GEEKS.lnk
[2014/09/23 14:34:54 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/08/25 09:41:01 | 000,000,120 | ---- | C] () -- C:\Users\Lido\AppData\Roaming\WB.CFG
[2014/08/01 11:48:00 | 000,055,922 | ---- | C] () -- C:\Users\Lido\P7300586.JPG
[2014/08/01 11:48:00 | 000,054,710 | ---- | C] () -- C:\Users\Lido\P7300588.JPG
[2014/08/01 11:48:00 | 000,048,198 | ---- | C] () -- C:\Users\Lido\P7300587.JPG
[2014/08/01 11:47:00 | 000,054,661 | ---- | C] () -- C:\Users\Lido\P7300585.JPG
[2014/07/01 08:56:50 | 000,000,204 | ---- | C] () -- C:\Users\Lido\AppData\Local\singandsee.ini
[2014/06/26 15:07:59 | 003,574,576 | ---- | C] () -- C:\Users\Lido\FaithQuartet.pdf
[2014/04/18 14:15:31 | 000,001,471 | ---- | C] () -- C:\Users\Lido\AppData\Local\recently-used.xbel
[2014/03/17 18:24:35 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\ThumbExtract.dll
[2014/03/17 18:24:34 | 000,372,736 | ---- | C] () -- C:\windows\SysWow64\GTTunerCard.dll
[2014/03/17 18:24:34 | 000,175,104 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2014/02/03 19:02:50 | 000,000,232 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2014/02/03 19:02:50 | 000,000,092 | ---- | C] () -- C:\windows\brpcfx.ini
[2014/02/03 19:02:12 | 000,026,119 | ---- | C] () -- C:\windows\BRRBCOM.INI
[2014/02/03 18:51:14 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2014/01/24 10:43:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/01/24 10:43:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/01/24 10:43:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/01/24 10:43:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/01/24 10:43:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/12/02 18:29:59 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2013/08/20 07:32:46 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2013/08/20 07:32:34 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2013/08/14 07:05:52 | 000,000,258 | RHS- | C] () -- C:\Users\Lido\ntuser.pol
[2013/02/28 21:47:36 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2012/08/13 14:55:32 | 000,001,055 | ---- | C] () -- C:\Users\Lido\Music - Shortcut.lnk
[2012/01/20 14:12:27 | 000,007,605 | ---- | C] () -- C:\Users\Lido\AppData\Local\Resmon.ResmonCfg
[2011/11/13 08:55:25 | 000,044,074 | ---- | C] () -- C:\Users\Lido\AirForce.JPG
[2011/11/13 08:53:56 | 000,035,052 | ---- | C] () -- C:\Users\Lido\CoastGuard.jpg
[2011/11/13 08:51:54 | 001,696,055 | ---- | C] () -- C:\Users\Lido\US Coast Guard - Marching Song.mp4
[2011/11/10 17:01:06 | 001,547,413 | ---- | C] () -- C:\Users\Lido\US Air Force Song - _Off We Go_..flv
[2011/11/10 16:59:33 | 001,429,265 | ---- | C] () -- C:\Users\Lido\US Coast Guard - Marching Song.flv
[2011/09/14 09:30:47 | 000,158,236 | ---- | C] () -- C:\Users\Lido\DowJones.pdf
[2011/08/04 18:53:45 | 001,110,476 | ---- | C] () -- C:\Program Files (x86)\7-Zip.exe
[2011/06/27 20:58:48 | 000,015,360 | ---- | C] () -- C:\Users\Lido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 19:24:18 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 

--------------------------------------------------------

OTL Extras logfile created on: 10/23/2014 8:00:08 AM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lido\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.53% Memory free
7.60 Gb Paging File | 5.29 Gb Available in Paging File | 69.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.70 Gb Total Space | 271.94 Gb Free Space | 60.07% Space Free | Partition Type: NTFS
Drive E: | 931.48 Gb Total Space | 298.85 Gb Free Space | 32.08% Space Free | Partition Type: NTFS
 
Computer Name: LIDO-PC | User Name: Lido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1135327352-3689979529-191883833-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Applian Technologies\FLV and Media Player\amp.exe" --started-from-file --playlist-enqueue "%1" (Applian Technologies Inc)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Applian Technologies\FLV and Media Player\amp.exe" --started-from-file --no-playlist-enqueue "%1" (Applian Technologies Inc)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Applian Technologies\FLV and Media Player\amp.exe" --started-from-file --playlist-enqueue "%1" (Applian Technologies Inc)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Applian Technologies\FLV and Media Player\amp.exe" --started-from-file --no-playlist-enqueue "%1" (Applian Technologies Inc)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1264F3D9-9BF2-4DD5-89D6-A22BFABB11D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1665CD9E-3E25-4202-AC52-95F1F5DEF5DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17FB897B-A577-4C22-871F-1A9EAA5CBC33}" = lport=5353 | protocol=17 | dir=in | name=mdns-sd/bonjour |
"{1B8860F4-CE48-4BE2-8D4B-63C3C9B24CEC}" = lport=139 | protocol=6 | dir=in | app=system |
"{1DBC5723-14B7-4FDD-A8E6-56635A98283F}" = rport=445 | protocol=6 | dir=out | app=system |
"{2155D6AB-6AB3-494C-B7F9-A651A3D3BA11}" = rport=10243 | protocol=6 | dir=out | app=system |
"{427AC1A8-284A-458A-90E5-2690F2BE76EC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{430AD430-C6F9-45BD-AA80-05FDA7FBAAA2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5A68A5E7-FB3B-4841-AFE3-9421ABA68ECD}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{5D7E7B0D-A821-4B34-A7ED-BD874318F1B3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5F1140EC-602D-4219-9AA1-572FDA4E5076}" = lport=138 | protocol=17 | dir=in | app=system |
"{625F70ED-C019-4F48-8D8F-CA73A3302B5E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{634D9BDB-1312-42CA-AAC6-06471EF0F0B2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6BAF04B7-9A70-4054-99DD-7ACA339578A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D130EA8-70BE-4FF9-8366-EB7E44675127}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73104FBB-7635-414F-84E8-19BF92B88003}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7643A10C-70D3-4BB1-A618-427EEC70438C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CFB57D4-97C4-4A43-8D70-888AFD50D767}" = lport=7288 | protocol=6 | dir=in | name=tivo hme host: port %d |
"{879303AB-332F-435C-A9A6-965F3EE99F77}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A22ED8D-380A-4486-8A92-AA6C85A07BCD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90CF258E-8453-4047-901F-9F86C2099412}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9653264C-478F-425A-8417-64D7848A93A7}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A3914FAC-37DE-462C-8A85-B97A85A2A326}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A392F087-AB9C-4551-AE34-088C057BE1D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9C49C79-AE6E-44F1-AAA6-65BE1853031C}" = rport=139 | protocol=6 | dir=out | app=system |
"{AFC47C13-15B5-4EE6-91C3-ECC939D3B122}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B22D92C8-0E2F-408E-BD8B-C182774644B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4009B2E-14AB-4E1B-A914-04C0A9B7E67B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CDF5AFC1-7C27-4B42-A98C-4B4F82D1FA00}" = rport=138 | protocol=17 | dir=out | app=system |
"{D5D7792F-7744-4A19-81F8-A11C624D748B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF12BAE1-EC1F-423A-A190-AF5DF6A0CBFC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E857C915-985C-4A7A-860E-19A0B7D6A534}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E94EFD18-3926-4826-B29B-7F1F4BC7AAB4}" = lport=445 | protocol=6 | dir=in | app=system |
"{EB23E1C2-3B9C-4C53-93F3-099DDEA51346}" = rport=137 | protocol=17 | dir=out | app=system |
"{F571ECF0-DB5E-4F07-BA53-8E8E386EF5B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6933F75-898B-4A13-8D02-ED1D582573B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F6F08D66-B2F7-4679-AC63-3987778A3866}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7B965C3-73F9-4F56-8606-76C12A5C5360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04623B74-F144-4715-9A8A-19BD52B07A15}" = protocol=6 | dir=in | app=c:\program files (x86)\tivo\desktop\tivoserver.exe |
"{06F06F1D-9FF9-47F6-A943-F0F1816F5084}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\ffmpeg.exe |
"{16732C66-3169-415B-99AC-1976E40C1C59}" = protocol=1 | dir=in | [email protected],-28543 |
"{17A9BB73-7AB8-415C-8508-78F634EEBB16}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\apowersoftplayer.dll |
"{182FCF89-7FB1-417F-B331-C3F679524EEB}" = dir=out | app=c:\program files (x86)\apowersoft\video download capture\video download capture.exe |
"{1AF3FB3D-042F-4F30-A0C8-8ECCED87634F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B3F62C8-E8FE-455F-B3D1-7B618AF253EE}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\apowersoftdump.dll |
"{1C00B485-08BB-4FE6-A841-0167E1721788}" = protocol=17 | dir=in | app=c:\program files (x86)\tivo\desktop\tivodesktop.exe |
"{1C6B58F1-7DB8-4DC4-8D9F-587001DA3575}" = dir=out | app=c:\program files (x86)\apowersoft\video download capture\apowersoftplayer.dll |
"{267BA7EB-8602-4C9A-A6BF-455B6FC4EC2F}" = protocol=17 | dir=in | app=c:\program files (x86)\tivo\desktop\tivodiag.exe |
"{27BDFFB3-FC26-46E3-BAF0-BF2665EE8461}" = protocol=6 | dir=out | app=system |
"{281606B8-CA1A-4315-9AAE-0E7AB973EC3F}" = protocol=17 | dir=in | app=c:\program files (x86)\tivo\desktop\tivoserver.exe |
"{28EA7403-8B5F-49E4-B21B-B2EB2D0AFDFD}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{2919C2D4-620C-4B99-8B77-F704CA322515}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\jwmpp.exe |
"{2B383C67-919D-43B8-A223-26EBFAF95557}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B891517-4403-4E81-BFBD-54196A5A4253}" = protocol=58 | dir=in | [email protected],-28545 |
"{2F0C1D16-7417-4273-B8FB-50CD073534D5}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{318DBBAD-B3EC-4F24-BD7A-15F572905B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\tivo\desktop\tivobeacon.exe |
"{32C52348-92BD-469E-80AC-AECCD3D1E3B3}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl12b\faxrx.exe |
"{3B263836-876F-464B-8BBD-5DE732B7D976}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{3B698D77-741C-430B-AC3C-81DCB5C6F30A}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{3DCE7AA9-A5E2-4B3F-ADCF-A566E864CF2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4CCF79FA-51CC-47D5-AABF-2392A986CA58}" = dir=out | app=c:\program files (x86)\apowersoft\video download capture\apowersoftdownloaderhelp.dll |
"{51EC95E8-0D32-4AAB-9BA4-262BEF096E04}" = protocol=6 | dir=in | app=c:\program files (x86)\tivo\desktop\tivodesktop.exe |
"{59E52A9C-4EB1-4405-A452-492270AE18FE}" = dir=out | app=c:\program files (x86)\apowersoft\video download capture\apowersoftac.dll |
"{5B497204-A63D-42AA-8951-B36977F932FD}" = protocol=6 | dir=in | app=c:\program files (x86)\tivo\desktop\tivotransfer.exe |
"{5B763A1D-0588-4A7C-A0DF-CDD27E2EE3D8}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\jbp.exe |
"{5C137762-EB9F-42E8-A8D2-F8E19D0E947B}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\apowersoftac.dll |
"{5CD77BD6-0FD0-448B-806A-9478DEBFF952}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\tictactoe.exe |
"{5E33417F-FF9D-494D-ABB5-C0BDAAB5C5DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E338398-E5C3-4676-BFF8-6848AF223A45}" = dir=out | app=c:\program files (x86)\apowersoft\video download capture\apowersoftdump.dll |
"{655731A3-B19D-42E3-A1D1-65233123CC39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6746C7D5-7DCD-4ED1-9356-8A2BA53E36EC}" = protocol=58 | dir=out | [email protected],-28546 |
"{67989843-E83D-4E7C-B144-6A11D2BA5B34}" = protocol=6 | dir=in | app=c:\users\lido\appdata\local\temp\7zs04c3\hpdiagnosticcoreui.exe |
"{690CF7DC-031D-4AB6-951A-DD37BF682717}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\jrmcp.exe |
"{6C5FF16A-A1C0-43C4-834B-884BF93305E3}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\jbp.exe |
"{6CCB6E33-BA13-4545-B74E-64FFE6848CDE}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\easychat.exe |
"{6D9ABE3A-2130-421A-AFC0-1B1E6D0418EA}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\jwmpp.exe |
"{7041A103-8E6B-40E3-B229-3A95EFE7303B}" = protocol=17 | dir=in | app=c:\program files (x86)\tivo\desktop\curl.exe |
"{763C09E3-1081-4BCB-997E-6E995FB592D2}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\aria2c.exe |
"{7779FB03-E74A-4506-80F1-C27AA1F71192}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{77FE11AE-37DF-45AE-A395-922B221BE358}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{7B6E9D4B-BD36-4BDA-BF30-1B4ECD113F31}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\ffmpeg.exe |
"{7CF75506-DE86-49BF-8046-A1F697C57C1C}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl12b\faxrx.exe |
"{881456F6-693E-41F1-8C30-6803B0462043}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8DF27ADC-1A64-46E7-BCB7-F8AC9A2122CC}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\video download capture.exe |
"{8EB55570-915E-434B-960D-07F0E85DE33E}" = protocol=6 | dir=in | app=c:\program files (x86)\tivo\desktop\tivodiag.exe |
"{8EC34B28-7EF0-43F6-811F-79B20B089A9E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9429DB71-DEB5-4FE4-ACE8-1245458BCEC8}" = protocol=17 | dir=in | app=c:\users\lido\appdata\local\temp\7zs04c3\hpdiagnosticcoreui.exe |
"{9CCCB966-60EE-4D43-A466-86BD87F62716}" = dir=in | app=c:\program files\cyberlink\powerdirector12\pdr10.exe |
"{A0732DEA-F4F1-4BAB-B24A-BFBF6D6F15CF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A12C7C59-F10E-4979-94DD-8280E5D9D862}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1F14727-26D8-428E-B55B-A13E831B776C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A2D95625-19AA-4173-8B78-209C69E87173}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\seabattle.exe |
"{A8DEC19F-6B68-4C0D-BDD1-5A33EB9ACB84}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\apowersoftdownloaderhelp.dll |
"{ACD316AA-F5A6-4D83-9E3C-74942CFEC5FB}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{AF32D4BC-2BE0-4EC4-A332-40F7CFAAD258}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B14E6AC3-1903-4FC3-AA60-05C25B24E73D}" = dir=in | app=c:\users\lido\appdata\local\microsoft\skydrive\skydrive.exe |
"{B2289804-ADBC-4CD1-9B97-7E63033CFD5E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B53FBE75-013F-4E01-BE54-FD1062A9A2F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B6D70ED5-5847-4242-A6D4-6DE63BE3873C}" = protocol=17 | dir=in | app=c:\program files (x86)\tivo\desktop\tivotransfer.exe |
"{B6E57F54-C508-4218-BF3B-C11308DEB1F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7B2C7D8-B416-47CC-9DEE-9017451FE749}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B807B997-4A7B-434F-B2DB-C261EE91DB6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8C7B568-BEA4-4A19-B794-0521F5EE97BE}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{BA082C1F-01FB-4382-88FE-69959F3DE83B}" = protocol=58 | dir=in | [email protected],-148 |
"{BABC85A7-1358-4393-B61E-904917C001AA}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\qtcopy.exe |
"{BF9F24A6-E97C-4A3A-8FFE-6E9384220ED9}" = protocol=1 | dir=out | [email protected],-28544 |
"{C5123772-CAD7-4122-9EE4-72C717B0FBC8}" = protocol=6 | dir=in | app=c:\program files (x86)\tivo\desktop\curl.exe |
"{C763CB80-7C91-4C5E-8348-D467B90FD157}" = dir=out | app=c:\program files (x86)\apowersoft\video download capture\apowersoftsrv.dll |
"{CA3C220F-6150-45A3-BB91-22EBE6FFBD43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB10E7E4-0426-48BE-83D3-D89CE7524366}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\jrmcp.exe |
"{CE3E45B3-0BB9-4C17-87ED-4A7AB95255F5}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\aria2c.exe |
"{D0017144-327F-429B-98A3-27D673D29099}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5183A98-0625-4222-AF89-2A6CA95C07CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D96E2747-8027-44EB-898A-20CA0398BBF2}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DC6A99DC-0328-4C02-A943-310E39B531BC}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\qtcopy.exe |
"{DDD1CABA-8365-4590-8CB1-66C3E82A0C9C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DF236A01-1C9A-4EF5-A2AF-CEE82A267A72}" = protocol=17 | dir=in | app=c:\program files (x86)\tivo\desktop\tivobeacon.exe |
"{DF324EF7-6E91-4D99-8170-290CB2F30FE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E2E58E54-A8DF-4F5B-9467-CD443F6E5AFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E526E6ED-4151-42B3-9BE8-332B0957C8B8}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\chess.exe |
"{E72EAB89-B5D5-4E2E-AB5B-7C379B8A7CB1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E954FA64-2BD5-48EA-8A9F-EADDD8A6882C}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\backgammon.exe |
"{ED5EFBD4-8857-4501-829B-27A7F2F84B6A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F1AD3B6F-7191-4960-8B01-5AF9F8DCB711}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F25E0346-5956-4B0A-A6E9-E8CB883F41AF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F4B0D424-0C18-4767-88DE-CE0733CE1707}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\checkers.exe |
"{F5EB62DC-4B58-4857-9EBC-7B303E7C2110}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\apowersoftsrv.dll |
"{F70C3E86-4709-4A5B-8CFB-A584D9265847}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FC9B2BBC-4688-4989-B810-A08429820D40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD632606-8E5C-44D2-9A13-AA7683A520C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{A826021A-FC87-430C-A8B1-6D1BA535CD37}C:\program files (x86)\tivo\desktop\tivoserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tivo\desktop\tivoserver.exe |
"UDP Query User{11001FE7-841E-40C5-AA14-167365EC9CF3}C:\program files (x86)\tivo\desktop\tivoserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tivo\desktop\tivoserver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}" = WD SmartWare
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{77DE5105-D05E-448C-96CB-7FA381903753}" = iTunes
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By SweetPacks 2.0.0.586
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{ac225167-00fc-452d-94c5-bb93600e7d9a}" = Buzzdock
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E1646825-D391-42A0-93AA-27FA810DA093}" = CyberLink PowerDirector 12
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.10
"SunriseBrowse" = SunriseBrowse
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2D0D4A16-6486-48B5-A9AA-92C93BE62802}" = Inkling Sketch Manager
"{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}" = WD SmartWare Installer
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.8.3
"{50FC30FE-9758-3B08-B886-7BAABC047B61}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{597FB4A5-DD86-4316-A410-7E8074CC2CCE}" = Driver Support
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{64AEB598-E518-4AD0-B02B-99F365B8054C}" = Serif PanoramaPlus Starter Edition
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8543A572-5993-4101-BACC-C83884E183A4}" = EZ Grabber
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88B5FBDC-967D-4B1F-B291-39284AE12201}" = Nuance PaperPort 12
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0A3A97D-7918-4B0B-B91E-775E00C36122}" = WD Quick View
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}" = DIRECTV Player
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DD98C438-D769-4677-AA87-3481FA32D20C}" = Brother MFL-Pro Suite MFC-J4510DW
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"7-Zip" = 7-Zip 9.20
"Acoustic Labs Multitrack Recorder (Demo)" = Acoustic Labs Multitrack Recorder (Demo)
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Astromenda" = WSE_Astromenda
"Audacity_is1" = Audacity 2.0.3
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3 Plugin
"Canta" = Canta 1.11
"Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter version 6.2.2.46
"DVD Shrink_is1" = DVD Shrink 3.2
"EdiView Finder Utility_is1" = EdiView Finder v1.0.7
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FLV and Media Player" = FLV and Media Player 4.2.1.1
"Freemake Audio Converter_is1" = Freemake Audio Converter version 1.1.0
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.6
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}" = CyberLink PowerDirector 12
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"IPCam Surveillance Software_is1" = IPCam Surveillance Software 3.0.5.7
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.SingleImage" = Microsoft Office Professional 2010
"Pen Tablet Driver" = Bamboo
"Picasa 3" = Picasa 3
"Quicken WillMaker Plus 2010" = Quicken WillMaker Plus 2010
"RealPlayer 16.0" = RealPlayer
"Replay Media Catcher 5" = Replay Media Catcher 5 (5.0.1.54)
"SING & SEE STUDENT_is1" = Cantovation Sing & See Student v1.5.4
"Switch" = Switch Sound File Converter
"TreeSize Free_is1" = TreeSize Free V3.0.1
"VLC media player" = VLC media player 1.1.7
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WavePad" = WavePad Sound Editor
"What's Running_is1" = What's Running 3.0
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1135327352-3689979529-191883833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google+ Auto Backup" = Google+ Auto Backup
"Sansa Updater" = Sansa Updater
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UpdaterEX" = Extended Update
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/15/2014 8:53:17 AM | Computer Name = Lido-PC | Source = TabletServicePen | ID = 0
Description =
 
Error - 10/15/2014 2:54:48 PM | Computer Name = Lido-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 32.0.3.5379,
 time stamp: 0x54224e6b  Faulting module name: mozalloc.dll, version: 32.0.3.5379,
 time stamp: 0x54221b67  Exception code: 0x80000003  Fault offset: 0x0000141b  Faulting
 process id: 0x9c0  Faulting application start time: 0x01cfe8a377b9f7bd  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: bc4772f2-549c-11e4-bb4b-b870f4585bca
 
Error - 10/16/2014 9:16:48 AM | Computer Name = Lido-PC | Source = TabletServicePen | ID = 0
Description =
 
Error - 10/16/2014 11:41:09 AM | Computer Name = Lido-PC | Source = TabletServicePen | ID = 0
Description =
 
Error - 10/17/2014 12:57:25 PM | Computer Name = Lido-PC | Source = TabletServicePen | ID = 0
Description =
 
Error - 10/17/2014 4:50:58 PM | Computer Name = Lido-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 32.0.3.5379,
 time stamp: 0x54224e6b  Faulting module name: mozalloc.dll, version: 32.0.3.5379,
 time stamp: 0x54221b67  Exception code: 0x80000003  Fault offset: 0x0000141b  Faulting
 process id: 0x1638  Faulting application start time: 0x01cfea4bd1b312be  Faulting application
 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module
 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: 4b30bee5-563f-11e4-a53f-b870f4585bca
 
Error - 10/18/2014 9:31:51 AM | Computer Name = Lido-PC | Source = TestWorker | ID = 131073
Description =
 
Error - 10/22/2014 7:28:51 PM | Computer Name = Lido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10/22/2014 7:28:51 PM | Computer Name = Lido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15569
 
Error - 10/22/2014 7:28:51 PM | Computer Name = Lido-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15569
 
[ Media Center Events ]
Error - 5/6/2013 1:01:48 PM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 1:01:44 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80080005)  
 
Error - 5/17/2013 12:24:14 AM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 12:24:14 AM - Failed to retrieve NetTV (Error: The request failed
with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 12:24:22 AM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 12:24:21 AM - Failed to retrieve SportsV2 (Error: The request failed
 with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 1:24:26 AM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 1:24:25 AM - Failed to retrieve NetTV (Error: The request failed with
 HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 1:24:28 AM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 1:24:27 AM - Failed to retrieve SportsV2 (Error: Invalid security
token.)  
 
Error - 5/17/2013 2:24:41 AM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 2:24:37 AM - Failed to retrieve SportsV2 (Error: The request failed
 with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 12:34:40 PM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 12:34:36 PM - Failed to retrieve SportsSchedule (Error: The request
 failed with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 1:34:42 PM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 1:34:41 PM - Failed to retrieve SportsSchedule (Error: The request
 failed with HTTP status 403: Forbidden.)  
 
Error - 5/31/2013 10:42:22 AM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 10:42:22 AM - Error connecting to the internet.  10:42:22 AM -     Unable
 to contact server..  
 
Error - 5/31/2013 10:42:39 AM | Computer Name = Lido-PC | Source = MCUpdate | ID = 0
Description = 10:42:28 AM - Error connecting to the internet.  10:42:28 AM -     Unable
 to contact server..  
 
[ System Events ]
Error - 10/20/2014 4:21:26 PM | Computer Name = Lido-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 10/21/2014 7:08:55 AM | Computer Name = Lido-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.
 
Error - 10/21/2014 8:00:04 PM | Computer Name = Lido-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 10/21/2014 8:00:06 PM | Computer Name = Lido-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.
 
Error - 10/21/2014 10:00:33 PM | Computer Name = Lido-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.
 
Error - 10/22/2014 11:25:43 AM | Computer Name = Lido-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.
 
Error - 10/22/2014 2:31:12 PM | Computer Name = Lido-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR9.
 
Error - 10/22/2014 4:13:38 PM | Computer Name = Lido-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the LanmanServer service.
 
Error - 10/22/2014 4:14:08 PM | Computer Name = Lido-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 10/23/2014 7:10:25 AM | Computer Name = Lido-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.
 
 
< End of report >
 


  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hello,



Programs to remove. Click > Start > Control Panel > Programs & Features. In the list please find:
  • Updater By SweetPacks 2.0.0.586
  • Astromenda
  • SunriseBrowse
Next an OTL fix
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes\{E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}: "URL" = http://astromenda.co...=1715490871&ir=
    IE - HKU\S-1-5-21-1135327352-3689979529-191883833-1001\..\SearchScopes\0D110202C5D0481BB698C74B24C2428C: "URL" = http://search.condui...q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "Astromenda"
    FF - prefs.js..browser.search.selectedEngine: "Astromenda"
    [2014/08/19 17:40:52 | 000,002,827 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\Astromenda.xml
    O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll File not found
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
    O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\Lido\*.tmp files -> C:\Users\Lido\*.tmp -> ]
    [2014/10/23 07:41:02 | 000,000,288 | ---- | M] () -- C:\windows\tasks\WSE_Astromenda.job
    [2014/10/23 07:41:00 | 000,000,288 | ---- | M] () -- C:\windows\tasks\UpdaterEX.job
    
    
    :Files
    ipconfig /flushdns /c
    C:\windows\tasks\WSE_Astromenda.job
    C:\windows\tasks\UpdaterEX.job
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:
  • The OTL Fix log, that log will pop up on the desktop when the fix is done.
  • New OTL after quick scan.
Thanks
Joe :)
  • 0

#8
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
  • Updater By SweetPacks 2.0.0.586  -- not found - did find SweetPacks and removed
  • Astromenda -- not found
  • SunriseBrowse  -- found Updater and deleted

---------------------------------OTL fix log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1135327352-3689979529-191883833-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1135327352-3689979529-191883833-1001\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Prefs.js: "Astromenda" removed from browser.search.defaultenginename
Prefs.js: "Astromenda" removed from browser.search.selectedEngine
C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\Astromenda.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
C:\windows\msdownld.tmp folder deleted successfully.
C:\Users\Lido\048298C9A4D3490B9FF9AB023A9238F3.TMP\WiseCustomCalla.dll deleted successfully.
C:\Users\Lido\048298C9A4D3490B9FF9AB023A9238F3.TMP\WiseCustomCalla6.dll deleted successfully.
C:\Users\Lido\048298C9A4D3490B9FF9AB023A9238F3.TMP folder deleted successfully.
C:\Windows\Tasks\WSE_Astromenda.job moved successfully.
C:\Windows\Tasks\UpdaterEX.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lido\Desktop\cmd.bat deleted successfully.
C:\Users\Lido\Desktop\cmd.txt deleted successfully.
File\Folder C:\windows\tasks\WSE_Astromenda.job not found.
File\Folder C:\windows\tasks\UpdaterEX.job not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: dub_cm_auto
 
User: Lido
->Temp folder emptied: 120934434 bytes
->Temporary Internet Files folder emptied: 54738424 bytes
->Java cache emptied: 2579869 bytes
->FireFox cache emptied: 8959627 bytes
->Google Chrome cache emptied: 36616687 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 631 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80615 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43236850 bytes
RecycleBin emptied: 603707 bytes
 
Total Files Cleaned = 255.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10262014_124828

Files\Folders moved on Reboot...
C:\Users\Lido\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lido\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
C:\windows\temp\Amazon Digital Video\Servicelog.adv moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

---------------------------- OTL log   Quick Scan

OTL logfile created on: 10/26/2014 1:08:54 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lido\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 61.81% Memory free
7.60 Gb Paging File | 6.07 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.70 Gb Total Space | 270.64 Gb Free Space | 59.78% Space Free | Partition Type: NTFS
Drive E: | 931.48 Gb Total Space | 296.99 Gb Free Space | 31.88% Space Free | Partition Type: NTFS
 
Computer Name: LIDO-PC | User Name: Lido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/23 07:52:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lido\Desktop\OTL.exe
PRC - [2014/10/02 16:14:56 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/07/22 15:15:46 | 005,562,736 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014/07/22 15:13:52 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/06/16 16:02:24 | 000,579,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2014/06/16 15:59:40 | 001,537,536 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2014/04/01 14:38:18 | 002,007,392 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2014/03/26 18:41:12 | 001,723,760 | ---- | M] (NDS Technologies) -- C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2014/03/26 18:41:08 | 001,523,560 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/06/06 16:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/15 17:13:23 | 007,668,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 17:13:21 | 000,794,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/15 17:13:21 | 000,122,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/15 17:13:20 | 002,822,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/15 17:13:16 | 000,976,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 17:13:15 | 010,100,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/07/31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/01 14:37:56 | 000,371,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
MOD - [2014/03/26 18:42:08 | 000,091,976 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\z.dll
MOD - [2014/03/26 18:42:00 | 000,338,784 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2014/03/26 18:41:58 | 001,403,224 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2014/03/26 18:41:48 | 000,043,880 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
MOD - [2014/03/26 18:41:46 | 000,689,000 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2014/03/26 18:41:44 | 000,060,272 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
MOD - [2014/03/26 18:41:36 | 000,205,672 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
MOD - [2014/03/26 18:41:24 | 007,730,016 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2014/03/26 18:41:10 | 005,979,488 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServer.dll
MOD - [2014/03/26 18:41:08 | 001,523,560 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2014/03/26 18:41:02 | 003,261,280 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2014/03/26 18:41:02 | 002,229,096 | ---- | M] () -- C:\Users\Lido\AppData\Local\DIRECTV Player\DiscoveryManager.dll
MOD - [2014/02/26 12:53:23 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/27 11:14:00 | 001,008,344 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/08/08 22:36:10 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/04/06 17:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/23 19:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 19:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/10/02 16:14:56 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/25 14:31:57 | 000,114,288 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/09/02 08:45:30 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/07/22 15:13:52 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 21:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/28 11:40:08 | 000,101,376 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/11/29 00:00:41 | 000,132,056 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/23 22:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/08/02 16:47:26 | 000,145,256 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/08/24 17:56:04 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/25 22:26:58 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/08/25 22:26:57 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/08/25 22:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 22:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 15:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/06/03 08:15:10 | 000,165,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2014/06/03 08:15:07 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2014/06/03 08:15:07 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2014/06/03 08:15:07 | 000,184,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2014/06/03 08:15:07 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2014/06/03 08:15:07 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2013/12/02 19:22:00 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 22:47:43 | 000,078,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/08/20 07:32:48 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2013/08/20 07:32:46 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2013/06/02 05:56:58 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2013/02/28 21:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/05 23:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/04 07:19:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 20:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 14:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 15:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/12 17:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 12:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/06 18:41:42 | 000,235,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CxPlrCap.sys -- (CXPLRCAP)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 14:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2014/10/03 15:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/09 10:19:54 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/09/09 10:19:54 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/29 14:31:43 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/08/21 16:28:27 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141025.001\ex64.sys -- (NAVEX15)
DRV - [2014/08/21 16:28:26 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141025.001\eng64.sys -- (NAVENG)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0225C32A-3BEF-4466-B270-EA8806138865}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}
IE - HKCU\..\SearchScopes\{0225C32A-3BEF-4466-B270-EA8806138865}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{212D1EE6-E1B8-419A-8C84-EA046D4D3FFA}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://search.condui...1501405022&UM=2
IE - HKCU\..\SearchScopes\{A867B985-CC43-404D-B808-9D3466AE3ACB}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{BFDA9747-DAE3-4C18-9D77-C3A203BA56B5}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\0D110202C5D0481BB698C74B24C2428C: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://groups.google...oup/oceanaires"
FF - prefs.js..extensions.enabledAddons: %7BFCAB6FDD-5585-425b-95C1-5ED856F3FD08%7D:6.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:6.1.2
FF - prefs.js..extensions.enabledAddons: %7Bfef7f75c-f985-4250-96f9-8183cd04238b%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Lido\Desktop\Voice\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/10/26 13:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/02 18:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/02 18:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/01/27 15:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Extensions
[2014/10/26 12:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions
[2014/09/07 15:23:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/31 14:46:24 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube Full HD Download") -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\[email protected]
[2014/10/26 12:26:44 | 000,542,926 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/10 17:30:22 | 000,280,941 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2014/08/20 10:31:22 | 000,008,654 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{fef7f75c-f985-4250-96f9-8183cd04238b}.xpi
[2013/07/01 16:49:15 | 000,001,793 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\Bing.xml
[2013/04/23 09:24:58 | 000,001,110 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
[2014/07/24 13:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/25 14:31:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_2\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\
 
O1 HOSTS File: ([2014/10/26 12:50:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [PCShowServer] C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{489208A3-43DB-4783-BF18-0C187AED2C3E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/26 12:48:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/23 07:52:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lido\Desktop\OTL.exe
[2014/10/16 10:38:18 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Local\Citrix
[2014/10/08 14:00:39 | 000,000,000 | ---D | C] -- C:\Financial
[2014/09/30 11:52:45 | 000,000,000 | ---D | C] -- C:\Users\Lido\Desktop\IndexC
[2014/09/28 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Local\Astromenda
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/26 13:12:19 | 000,019,248 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/26 13:12:19 | 000,019,248 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/26 13:11:00 | 000,786,578 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/26 13:11:00 | 000,665,554 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/26 13:11:00 | 000,123,330 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/26 13:05:18 | 000,008,192 | ---- | M] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/10/26 13:04:27 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/10/26 13:04:27 | 000,000,435 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2014/10/26 13:03:54 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/26 13:03:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/26 13:03:24 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/26 12:50:32 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/10/26 12:41:01 | 000,000,115 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\WB.CFG
[2014/10/26 12:27:14 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/26 12:26:46 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job
[2014/10/24 09:26:03 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job
[2014/10/23 07:52:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lido\Desktop\OTL.exe
[2014/10/22 17:13:25 | 000,001,595 | ---- | M] () -- C:\Users\Lido\Desktop\GEEKS.lnk
[2014/10/16 09:09:26 | 000,002,411 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/10/16 09:08:57 | 000,440,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/16 09:05:53 | 003,075,180 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2014/10/16 09:05:01 | 000,048,844 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\VT20141014.006
[2014/10/02 16:14:26 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2014/10/22 17:09:02 | 000,001,595 | ---- | C] () -- C:\Users\Lido\Desktop\GEEKS.lnk
[2014/09/23 14:34:54 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/08/25 09:41:01 | 000,000,115 | ---- | C] () -- C:\Users\Lido\AppData\Roaming\WB.CFG
[2014/08/01 11:48:00 | 000,055,922 | ---- | C] () -- C:\Users\Lido\P7300586.JPG
[2014/08/01 11:48:00 | 000,054,710 | ---- | C] () -- C:\Users\Lido\P7300588.JPG
[2014/08/01 11:48:00 | 000,048,198 | ---- | C] () -- C:\Users\Lido\P7300587.JPG
[2014/08/01 11:47:00 | 000,054,661 | ---- | C] () -- C:\Users\Lido\P7300585.JPG
[2014/07/01 08:56:50 | 000,000,204 | ---- | C] () -- C:\Users\Lido\AppData\Local\singandsee.ini
[2014/06/26 15:07:59 | 003,574,576 | ---- | C] () -- C:\Users\Lido\FaithQuartet.pdf
[2014/04/18 14:15:31 | 000,001,471 | ---- | C] () -- C:\Users\Lido\AppData\Local\recently-used.xbel
[2014/03/17 18:24:35 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\ThumbExtract.dll
[2014/03/17 18:24:34 | 000,372,736 | ---- | C] () -- C:\windows\SysWow64\GTTunerCard.dll
[2014/03/17 18:24:34 | 000,175,104 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2014/02/03 19:02:50 | 000,000,232 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2014/02/03 19:02:50 | 000,000,092 | ---- | C] () -- C:\windows\brpcfx.ini
[2014/02/03 19:02:12 | 000,026,119 | ---- | C] () -- C:\windows\BRRBCOM.INI
[2014/02/03 18:51:14 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2014/01/24 10:43:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/01/24 10:43:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/01/24 10:43:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/01/24 10:43:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/01/24 10:43:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/12/02 18:29:59 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2013/08/20 07:32:46 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2013/08/20 07:32:34 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2013/08/14 07:05:52 | 000,000,258 | RHS- | C] () -- C:\Users\Lido\ntuser.pol
[2013/02/28 21:47:36 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2012/08/13 14:55:32 | 000,001,055 | ---- | C] () -- C:\Users\Lido\Music - Shortcut.lnk
[2012/01/20 14:12:27 | 000,007,605 | ---- | C] () -- C:\Users\Lido\AppData\Local\Resmon.ResmonCfg
[2011/11/13 08:55:25 | 000,044,074 | ---- | C] () -- C:\Users\Lido\AirForce.JPG
[2011/11/13 08:53:56 | 000,035,052 | ---- | C] () -- C:\Users\Lido\CoastGuard.jpg
[2011/11/13 08:51:54 | 001,696,055 | ---- | C] () -- C:\Users\Lido\US Coast Guard - Marching Song.mp4
[2011/11/10 17:01:06 | 001,547,413 | ---- | C] () -- C:\Users\Lido\US Air Force Song - _Off We Go_..flv
[2011/11/10 16:59:33 | 001,429,265 | ---- | C] () -- C:\Users\Lido\US Coast Guard - Marching Song.flv
[2011/09/14 09:30:47 | 000,158,236 | ---- | C] () -- C:\Users\Lido\DowJones.pdf
[2011/08/04 18:53:45 | 001,110,476 | ---- | C] () -- C:\Program Files (x86)\7-Zip.exe
[2011/06/27 20:58:48 | 000,015,360 | ---- | C] () -- C:\Users\Lido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 19:24:18 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/07/24 05:26:22 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\052551
[2013/12/13 17:53:55 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Amazon
[2014/01/02 15:03:14 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Apowersoft
[2014/08/19 17:40:44 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Astromenda
[2014/06/03 08:41:09 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Audacity
[2011/12/17 17:11:01 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Avery
[2012/07/13 14:23:09 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Blackboard
[2011/06/25 05:55:58 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Book Place
[2012/07/13 13:14:29 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Collaborate
[2014/07/15 09:19:42 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\ControlCenter4
[2014/09/10 13:45:12 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\DIRECTV
[2014/01/06 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\DiskAid
[2011/07/11 19:24:08 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\DriverFinder
[2013/07/10 06:57:05 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Dropbox
[2014/01/13 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\EDIMAX IP Camera Viewer
[2013/07/13 08:12:25 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\EurekaLog
[2014/10/14 14:22:06 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\FLV and Media Player
[2014/08/27 10:55:20 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\HandBrake
[2011/10/28 13:55:04 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\ID Vault
[2012/06/10 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\JAM Software
[2011/07/24 06:19:33 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\KompoZer
[2012/07/17 09:33:13 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\MakeMusic
[2014/02/11 17:47:41 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Nuance
[2014/04/08 18:13:12 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\PC-FAX TX
[2014/01/17 12:18:12 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Philipp Winterberg
[2014/03/14 08:45:01 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Quicken WillMaker
[2014/09/10 11:22:08 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Replay Media Catcher 5
[2011/07/22 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\SanDisk
[2011/06/19 14:52:30 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Tific
[2011/06/26 19:58:53 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Toshiba
[2014/08/19 17:39:55 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\UpdaterEX
[2013/07/10 06:56:19 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\uTorrent
[2011/06/19 13:51:01 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\WinBatch
[2014/01/13 14:22:39 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Windows Live Writer
[2014/03/07 14:50:39 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Wondershare
[2014/08/19 17:40:58 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\WSE_Astromenda
[2014/02/09 18:38:34 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\WTouch
[2012/06/11 16:21:04 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Yamb
[2014/03/10 15:52:55 | 000,000,000 | ---D | M] -- C:\Users\Lido\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
 

thanks    Vic


  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hello,


Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post
    • The AdwCleaner log after you run the "Clean option"
    • The JRT.txt log
    Thanks
    Joe :)



  • 0

#10
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

# AdwCleaner v4.002 - Report created 27/10/2014 at 11:31:32
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lido - LIDO-PC
# Running from : C:\Users\Lido\Downloads\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lido\AppData\Local\Astromenda
Folder Deleted : C:\Users\Lido\AppData\Roaming\Astromenda
Folder Deleted : C:\Users\Lido\AppData\Local\blekkotb_031
Folder Deleted : C:\Users\Lido\AppData\LocalLow\DataMngr
Folder Deleted : C:\Program Files (x86)\SunriseBrowse
Folder Deleted : C:\Users\Lido\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Lido\AppData\Roaming\wse_astromenda
Folder Deleted : C:\ProgramData\Driver Support
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
Folder Deleted : C:\Program Files (x86)\Driver Support
Folder Deleted : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Folder Deleted : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
[!] Folder Deleted : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Lido\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
File Deleted : C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMScanRunOnce
Task Deleted : Driver Support-RTMUpdater
Task Deleted : DTReg
Task Deleted : Scheduled Update for Ask Toolbar
Task Deleted : UpdaterEX
Task Deleted : WSE_Astromenda

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKLM\SOFTWARE\Solvusoft
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [30499 octets] - [23/01/2014 10:01:41]
AdwCleaner[R1].txt - [10996 octets] - [27/10/2014 10:39:25]
AdwCleaner[S0].txt - [28105 octets] - [23/01/2014 10:09:46]
AdwCleaner[S1].txt - [10369 octets] - [27/10/2014 11:31:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10430 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lido on Mon 10/27/2014 at 11:42:35.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driver support



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"



~~~ Files

Successfully deleted: [File] "C:\Users\Lido\desktop\ftdownloader.lnk"
Successfully deleted: [File] C:\windows\prefetch\DRIVERSUPPORT.EXE-7FC7C60C.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Lido\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Lido\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{04C52908-05A3-4623-9894-F339FDDD2632}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{0C89F39D-3177-4963-841B-3B9D415D702E}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{1549BB5B-91BE-4972-B161-11B55E59AEF4}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{50F264A0-F620-45D6-AFC4-483A3069D6A8}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{6FDB725F-C665-4D41-802F-ECE797CF67B9}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{74151AD9-17FA-4F02-998D-BC5D1E07469E}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{77F333E9-E81B-4ED9-AB95-419606985469}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{7BE5F1A9-B0F5-411B-9F58-BDF3143B757A}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{7DB3AA04-FD7E-42C3-849F-882B027989F1}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{A16E30F0-EF9B-4D4C-AAC3-7BF50E0D51CA}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{B9677164-1672-4771-BF7D-3DA56128BD4B}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{CC6C975F-A67C-4756-AB20-E964AF2F303A}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{DB0C05FC-10A8-4DF7-91C2-EC159D547784}
Successfully deleted: [Empty Folder] C:\Users\Lido\appdata\local\{FC120500-F324-4127-A144-1C17722335A0}



~~~ FireFox

Successfully deleted the following from C:\Users\Lido\AppData\Roaming\mozilla\firefox\profiles\awdmrlgc.default\prefs.js

user_pref("SothinkWebVideoDownloaderWebVideoDownloader.DownloadedArray_5.url", "hxxp://184.105.137.123/flv2/1313700901_1447910914:2KJHV9wtgMs/530748_uma_thurman_maria_demedeir
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.DownloadedArray_81.url", "hxxp://173.192.22.206/flv2/1311287402_168754498:Q6aV9aKQmWs/416100_swingersakce_6_-_2.cast_par
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1085.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=5193
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1086.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=4457
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1087.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=3831
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1088.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=3243
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1089.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=2948
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1090.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=2339
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1091.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=1850
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1092.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=1420
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1093.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=1055
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1094.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=7903
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1095.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=5604
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1096.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv?start=3042
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_1097.url", "hxxp://173.193.223.161/flv2/1313701692_1447910683:gCKxV9z56CU/513315_simply_blue.flv");
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_12.url", "hxxp://cdn-50.empflix.com/dev96/0/000/110/0000110069.fid?key=596b2e61161c529d8407bb9df908c024&sta
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_133.url", "hxxp://video.gorillanation.com/v1/ads_gnm/6014.flv");
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_15.url", "hxxp://cdn-50.empflix.com/dev96/0/000/110/0000110069.fid?key=596b2e61161c529d8407bb9df908c024&sta
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_16.url", "hxxp://cdn-50.empflix.com/dev96/0/000/110/0000110069.fid?key=596b2e61161c529d8407bb9df908c024&src
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_276.url", "hxxp://o-o.preferred.comcast-iad1.v19.lscache3.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_279.url", "hxxp://v17.nonxt6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_280.url", "hxxp://v17.nonxt8.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_281.url", "hxxp://tc.v12.cache5.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csour
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_282.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_283.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_284.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_285.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_286.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_287.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_288.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_289.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_290.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_291.url", "hxxp://o-o.preferred.comcast-iad1.v17.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_294.url", "hxxp://v12.nonxt5.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_428.url", "hxxp://o-o.preferred.comcast-iad1.v21.lscache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_429.url", "hxxp://o-o.preferred.comcast-iad1.v9.lscache7.c.youtube.com/videoplayback?sparams=id%2Cexpire%2C
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_430.url", "hxxp://o-o.preferred.comcast-iad1.v12.lscache2.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_431.url", "hxxp://o-o.preferred.comcast-iad1.v15.lscache7.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_434.url", "hxxp://o-o.preferred.comcast-iad1.v15.lscache7.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_435.url", "hxxp://o-o.preferred.comcast-iad1.v13.lscache5.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_436.url", "hxxp://o-o.preferred.comcast-iad1.v9.lscache7.c.youtube.com/videoplayback?sparams=id%2Cexpire%2C
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_437.url", "hxxp://o-o.preferred.comcast-iad1.v15.lscache7.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_548.url", "hxxp://v6.cache3.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_549.url", "hxxp://tc.v14.cache6.c.youtube.com/videoplayback?ip=68.0.0.0&key=yt1&source=youtube&sver=3&facto
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_551.url", "hxxp://v23.nonxt2.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_552.url", "hxxp://v2.cache6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_553.url", "hxxp://v1.cache1.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_554.url", "hxxp://v3.cache5.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_555.url", "hxxp://v7.cache5.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_556.url", "hxxp://v12.nonxt6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_558.url", "hxxp://v17.nonxt2.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_559.url", "hxxp://v24.nonxt8.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_560.url", "hxxp://v3.cache2.c.youtube.com/videoplayback?ip=68.0.0.0&key=yt1&source=youtube&ipbits=8&fexp=90
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_561.url", "hxxp://v11.nonxt6.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_562.url", "hxxp://tc.v2.cache7.c.youtube.com/videoplayback?cp=U0hRRVBUUl9FSkNOMV9ITlZJOk55Mzc4SE9xMnFj&spar
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_6.url", "hxxp://cdn-50.empflix.com/dev96/0/000/110/0000110069.fid?key=596b2e61161c529d8407bb9df908c024&star
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_671.url", "hxxp://v9.nonxt1.c.youtube.com/videoplayback?sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Csource%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_676.url", "hxxp://brsseavideo-ak.espn.go.com/ads/SEA_ad_110708_ToyotaVenza_MessagesCat_15.flv");
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_677.url", "hxxp://brsseavideo-ak.espn.go.com/ads/SEA_ad_110815_Stub_Hub_football15.flv");
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_678.url", "hxxp://brsseavideo-ak.espn.go.com/ads/SEA_ad_110830_CapOne_WashingtonDC30.flv");
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_679.url", "hxxp://brsseavideo-ak.espn.go.com/ads/SEA_ad_110830_Sprint_ChartsUnlimited30.flv");
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_680.url", "hxxp://brsseavideo-ak.espn.go.com/ads/SEA_ad_110901_SWAir_Kiosk_15.flv");
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_681.url", "hxxp://brsseavideo-ak.espn.go.com/ads/SEA_ad_110830_CapOne_SanFrancisco30.flv");
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_683.url", "hxxp://o-o.preferred.comcast-iad1.v18.lscache4.c.youtube.com/videoplayback?sparams=id%2Cexpire%2
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_7.url", "hxxp://cdn-50.empflix.com/dev96/0/000/110/0000110069.fid?key=596b2e61161c529d8407bb9df908c024&star
user_pref("SothinkWebVideoDownloaderWebVideoDownloader.HistoryArray_8.url", "hxxp://cdn-50.empflix.com/dev96/0/000/110/0000110069.fid?key=596b2e61161c529d8407bb9df908c024&star
user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394213452163");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}
Emptied folder: C:\Users\Lido\AppData\Roaming\mozilla\firefox\profiles\awdmrlgc.default\minidumps [367 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Lido\appdata\local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/27/2014 at 11:46:47.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

thanks Vic




 


  • 0

Advertisements


#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hello.

How is the computer ? Tell me what pops up still and in what browser ??

I also want to see a different point of view; Follow the instructions below and post 2 log files please.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
In your next post to me:
  • FRST.txt
  • Addition.txt
Thanks
Joe :)
  • 0

#12
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Not sure how to describe the current problem

First I get new tab with redirect to Surveys and other ads - preceeded by HTML and a few second delay befor the image appears

Second I geo three popup boxes at the bottom of the Firefox window - I can close them with an x in grey at the upper right corner of each.

Can I paste a snippet of these as a Reply?

===============================================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Lido (administrator) on LIDO-PC on 28-10-2014 11:13:34
Running from C:\Users\Lido\Desktop
Loaded Profile: Lido (Available profiles: Lido)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NDS Technologies) C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
() C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(SanDisk Corporation) C:\Users\Lido\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1135327352-3689979529-191883833-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1135327352-3689979529-191883833-1001\...\Run: [Google Update] => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-14] (Google Inc.)
HKU\S-1-5-21-1135327352-3689979529-191883833-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-26] (Google Inc.)
HKU\S-1-5-21-1135327352-3689979529-191883833-1001\...\Run: [PCShowServer] => C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-03-26] (NDS Technologies)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {24714634-4714-4F24-AB36-D070CE465A52} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - {0225C32A-3BEF-4466-B270-EA8806138865} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKCU - 0D110202C5D0481BB698C74B24C2428C URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {0225C32A-3BEF-4466-B270-EA8806138865} URL = http://www.google.co...&rlz=1I7TSNF_en
SearchScopes: HKCU - {212D1EE6-E1B8-419A-8C84-EA046D4D3FFA} URL = http://www.google.co...&rlz=1I7TSNF_en
SearchScopes: HKCU - {24714634-4714-4F24-AB36-D070CE465A52} URL =
SearchScopes: HKCU - {A867B985-CC43-404D-B808-9D3466AE3ACB} URL = http://www.google.co...&rlz=1I7TSNF_en
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default
FF DefaultSearchEngine:
FF DefaultSearchUrl:
FF SelectedSearchEngine:
FF Homepage: hxxp://groups.google.com/group/oceanaires
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Lido\Desktop\Voice\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin ProgramFiles/Appdata: C:\Users\Lido\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lido\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\[email protected] [2014-07-31]
FF Extension: DownloadHelper - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: NoScript - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-24]
FF Extension: Sothink Web Video Downloader for Firefox - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2012-09-15]
FF Extension: SunriseBrowse - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\{fef7f75c-f985-4250-96f9-8183cd04238b}.xpi [2014-08-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-02]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.co...=1715490871&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-26]
CHR Extension: (RealDownloader) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-24]
CHR Extension: (Skype Click to Call) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-24]
CHR Extension: (Google Wallet) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-24]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lido\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101376 2012-12-28] (Freemake) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2012-11-29] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127784 2009-11-23] (Wacom Technology, Corp.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2014-06-03] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-04] (Broadcom Corporation.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141027.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.017\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.017\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 regi; C:\windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-02] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 11:13 - 2014-10-28 11:15 - 00028898 _____ () C:\Users\Lido\Desktop\FRST.txt
2014-10-28 11:13 - 2014-10-28 11:14 - 00000000 ____D () C:\FRST
2014-10-28 11:10 - 2014-10-28 11:10 - 02113024 _____ (Farbar) C:\Users\Lido\Desktop\FRST64.exe
2014-10-27 11:46 - 2014-10-27 11:46 - 00014869 _____ () C:\Users\Lido\Desktop\JRT.txt
2014-10-27 11:42 - 2014-10-27 11:42 - 00000000 ____D () C:\windows\ERUNT
2014-10-27 11:39 - 2014-10-27 11:39 - 01706144 _____ (Thisisu) C:\Users\Lido\Downloads\JRT.exe
2014-10-27 10:37 - 2014-10-27 10:38 - 01998336 _____ () C:\Users\Lido\Downloads\adwcleaner_4.002.exe
2014-10-26 12:48 - 2014-10-26 12:48 - 00000000 ____D () C:\_OTL
2014-10-23 08:12 - 2014-10-23 08:12 - 00112972 _____ () C:\Users\Lido\Desktop\Extras.Txt
2014-10-23 07:52 - 2014-10-23 07:52 - 00602112 _____ (OldTimer Tools) C:\Users\Lido\Desktop\OTL.exe
2014-10-22 17:20 - 2014-10-22 17:20 - 00113514 _____ () C:\Users\Lido\Downloads\Extras.Txt
2014-10-22 17:09 - 2014-10-22 17:13 - 00001595 _____ () C:\Users\Lido\Desktop\GEEKS.lnk
2014-10-22 17:02 - 2014-10-22 17:02 - 00602112 _____ (OldTimer Tools) C:\Users\Lido\Downloads\OTL (2).exe
2014-10-16 15:21 - 2014-10-16 15:21 - 00880272 _____ (Google Inc.) C:\Users\Lido\Downloads\googledrivesync(3).exe
2014-10-16 10:40 - 2014-10-16 10:40 - 01584416 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Lido\Downloads\GoToAssist.exe
2014-10-16 10:38 - 2014-10-16 10:38 - 00000000 ____D () C:\Users\Lido\AppData\Local\Citrix
2014-10-16 09:20 - 2014-10-16 09:21 - 00000000 ____D () C:\windows\System32\Tasks\Norton Security Suite
2014-10-16 09:18 - 2014-10-28 09:18 - 00003336 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1135327352-3689979529-191883833-1001
2014-10-16 09:18 - 2014-10-28 09:18 - 00003200 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1135327352-3689979529-191883833-1001
2014-10-15 09:25 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 09:25 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 09:25 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 09:25 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 09:25 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 09:25 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 09:25 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 09:25 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 09:25 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 09:25 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 09:25 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 09:25 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 09:25 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 09:25 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 09:25 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 09:25 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 09:25 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 09:25 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 09:25 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 09:25 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 09:25 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 09:25 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 09:25 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 09:25 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 09:25 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 09:25 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 09:25 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 09:25 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 09:25 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 09:25 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 09:25 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 09:25 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 09:25 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 09:25 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 09:25 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 09:25 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 09:25 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 09:25 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 09:25 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 09:25 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 09:25 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 09:25 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 09:25 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 09:25 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 09:25 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 09:25 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 09:25 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 09:25 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 09:25 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 09:25 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 09:25 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 09:25 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 09:25 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 09:25 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 09:25 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 09:25 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 09:23 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 09:23 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 09:23 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-15 09:23 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-15 09:23 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2014-10-15 09:23 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2014-10-15 09:23 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2014-10-15 09:23 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2014-10-15 09:23 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2014-10-15 09:23 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-15 09:23 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-15 09:23 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 09:23 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-10-15 09:23 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-10-15 09:23 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-10-15 09:23 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2014-10-15 09:23 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-10-15 09:23 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-10-15 09:23 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-10-15 09:23 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 09:23 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-10-15 09:23 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 09:22 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-15 09:22 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-15 09:22 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-15 09:22 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2014-10-15 09:22 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2014-10-15 09:22 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2014-10-15 09:22 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2014-10-15 09:22 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-15 09:22 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-10-15 09:22 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2014-10-15 09:22 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2014-10-15 09:22 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2014-10-15 09:22 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-15 09:22 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-10-15 09:22 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2014-10-15 09:22 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2014-10-15 09:22 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2014-10-15 09:22 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-15 09:22 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-10-15 09:22 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-10-15 09:17 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 09:17 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 09:17 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 09:17 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 09:17 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-15 09:17 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-15 09:17 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 09:17 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 09:17 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 09:17 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 09:17 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-15 09:16 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 09:16 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 09:16 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 09:16 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 09:16 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 09:16 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 09:16 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 09:16 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-15 09:15 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 09:15 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-08 14:00 - 2014-10-10 12:53 - 00000000 ____D () C:\Financial
2014-10-07 10:05 - 2014-10-07 10:05 - 00000063 ____H () C:\Users\Lido\Downloads\.picasa.ini
2014-10-02 20:43 - 2014-10-02 20:43 - 00398656 _____ () C:\Users\Lido\Downloads\FLVPlayer-Chrome.exe
2014-10-01 09:33 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-01 09:33 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-30 11:55 - 2014-10-17 16:51 - 00232960 _____ () C:\Users\Lido\Desktop\IndexCardX.xls
2014-09-30 11:52 - 2014-09-30 11:53 - 00000000 ____D () C:\Users\Lido\Desktop\IndexC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 11:04 - 2012-04-03 08:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 11:00 - 2011-06-25 07:34 - 00000000 ____D () C:\Archive
2014-10-28 10:27 - 2010-10-26 23:28 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 10:26 - 2012-09-20 20:07 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job
2014-10-28 09:27 - 2009-07-14 00:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 09:27 - 2009-07-14 00:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 09:26 - 2012-09-20 20:07 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job
2014-10-28 09:24 - 2011-06-08 22:32 - 02024241 _____ () C:\windows\WindowsUpdate.log
2014-10-28 09:24 - 2009-07-14 01:13 - 00786578 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-28 09:19 - 2014-09-23 14:34 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2014-10-28 09:19 - 2013-04-08 11:56 - 00000435 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-10-28 09:18 - 2014-01-27 15:04 - 00029420 _____ () C:\windows\setupact.log
2014-10-28 09:18 - 2010-10-26 23:28 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 09:18 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-27 11:34 - 2014-01-27 15:03 - 01327784 _____ () C:\windows\PFRO.log
2014-10-27 11:32 - 2014-01-23 10:01 - 00000000 ____D () C:\AdwCleaner
2014-10-27 11:31 - 2011-07-21 16:14 - 00000000 ____D () C:\Users\Lido\Documents\Outlook Files
2014-10-27 10:41 - 2014-08-25 09:41 - 00000122 _____ () C:\Users\Lido\AppData\Roaming\WB.CFG
2014-10-26 14:09 - 2014-09-10 12:09 - 00000000 ____D () C:\Users\Lido\AppData\Roaming\FLV and Media Player
2014-10-26 13:23 - 2014-01-17 14:56 - 00119332 _____ () C:\Users\Lido\Desktop\OTL.Txt
2014-10-26 13:06 - 2014-01-23 09:54 - 00000000 ____D () C:\Users\Lido\Desktop\GEEKS
2014-10-26 12:49 - 2011-06-19 13:50 - 00000000 ____D () C:\Users\Lido
2014-10-26 12:17 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-24 10:34 - 2012-07-02 09:33 - 00000000 ____D () C:\Program Files (x86)\PC Checkup
2014-10-22 17:18 - 2014-01-22 14:01 - 00148396 _____ () C:\Users\Lido\Downloads\OTL.Txt
2014-10-22 17:09 - 2014-06-22 15:31 - 00154624 ___SH () C:\Users\Lido\Desktop\Thumbs.db
2014-10-22 14:33 - 2011-06-21 17:09 - 00000000 ___RD () C:\Users\Lido\Desktop\Oceanaires
2014-10-21 07:42 - 2014-08-15 14:41 - 00000000 ____D () C:\Users\Lido\AppData\Local\DIRECTV Player
2014-10-20 15:54 - 2012-10-07 12:07 - 00000000 ____D () C:\Faith
2014-10-20 09:21 - 2012-09-20 20:07 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA
2014-10-20 09:21 - 2012-09-20 20:07 - 00003476 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core
2014-10-17 17:18 - 2013-11-15 12:07 - 00166400 _____ () C:\Users\Lido\Desktop\IndexCardBU - Copy.xls
2014-10-17 16:50 - 2011-06-19 14:30 - 00000000 ____D () C:\Users\Lido\AppData\Local\CrashDumps
2014-10-17 14:27 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-10-16 15:22 - 2010-10-26 23:28 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-16 15:22 - 2010-10-26 23:28 - 00003638 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 09:56 - 2011-10-11 09:45 - 00000000 ____D () C:\Users\Lido\Documents\MyManuals
2014-10-16 09:11 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 09:10 - 2011-06-27 17:34 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-10-16 09:09 - 2013-12-03 10:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-10-16 09:09 - 2013-12-02 19:21 - 00002411 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-10-16 09:09 - 2013-02-12 09:10 - 00003228 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-10-16 09:08 - 2009-07-14 00:45 - 00440328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 09:06 - 2014-05-06 10:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-16 09:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-16 09:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-15 17:11 - 2011-06-20 10:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 17:05 - 2013-08-14 07:18 - 00000000 ____D () C:\windows\system32\MRT
2014-10-15 16:56 - 2011-07-06 10:41 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-15 13:54 - 2014-08-11 09:56 - 00230912 _____ () C:\Users\Lido\Desktop\IndexCard16.xls
2014-10-13 20:17 - 2013-05-09 09:14 - 00000000 ___RD () C:\Users\Lido\Documents\My TiVo Recordings
2014-09-30 11:58 - 2011-07-12 08:35 - 00000000 ____D () C:\VLL
2014-09-28 10:13 - 2013-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 12:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Lido at 2014-10-28 11:15:38
Running from C:\Users\Lido\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acoustic Labs Multitrack Recorder (Demo) (HKLM-x32\...\Acoustic Labs Multitrack Recorder (Demo)) (Version: 3.3 - Acoustic Labs Software LLC)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1997225166.48.56.34147562 - Audible, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3 Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Canta 1.11 (HKLM-x32\...\Canta) (Version: 1.11 - Chaumet Software)
Cantovation Sing & See Student v1.5.4 (HKLM-x32\...\SING & SEE STUDENT_is1) (Version: 1.5.4 - Cantovation Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.110 - Corel Inc.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2420.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2420.0 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct MIDI to MP3 Converter version 6.2.2.46 (HKLM-x32\...\Direct MIDI to MP3 Converter_is1) (Version: 6.2.2.46 - Piston Software)
DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)
Driver Install 64-Bit (HKLM-x32\...\InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}) (Version: 6.0.107.0 - China)
Driver Install 64-Bit (x32 Version: 6.0.107.0 - China) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EdiView Finder v1.0.7 (HKLM-x32\...\EdiView Finder Utility_is1) (Version:  - Edimax Technology Co., Ltd.)
EZ Grabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
FFmpeg for Audacity on Windows (HKLM-x32\...\FFmpeg for Audacity on Windows_is1) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FLV and Media Player 4.2.1.1 (HKLM-x32\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Inkling Sketch Manager (HKLM-x32\...\{2D0D4A16-6486-48B5-A9AA-92C93BE62802}) (Version: 1.01.64 - Wacom  Co. Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPCam Surveillance Software 3.0.5.7 (HKLM-x32\...\IPCam Surveillance Software_is1) (Version:  - Edimax Technology Co., Ltd.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.1.24 - Intuit)
Quicken WillMaker Plus 2010 (HKLM-x32\...\Quicken WillMaker Plus 2010) (Version:  - Nolo)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Media Catcher 5 (5.0.1.54) (HKLM-x32\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.301 - SanDisk Corporation)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Serif PanoramaPlus Starter Edition (HKLM-x32\...\{64AEB598-E518-4AD0-B02B-99F365B8054C}) (Version: 2.0.0.001 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SunriseBrowse (HKLM\...\SunriseBrowse) (Version: 2014.08.19.200231 - SunriseBrowse) <==== ATTENTION
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
TiVo Desktop 2.8.3 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.370 - TiVo Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.22C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.48 - NCH Software)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
What's Running 3.0 (HKLM-x32\...\What's Running_is1) (Version: 3.0 - WhatsRunning.net)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4100 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lido\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\Lido\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll (DIRECTV)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1135327352-3689979529-191883833-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

15-10-2014 20:55:31 Windows Update
23-10-2014 13:41:55 Scheduled Checkpoint
26-10-2014 16:48:43 OTL Restore Point - 10/26/2014 12:48:40 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-26 12:50 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E821E4-D0D5-42C5-8214-2B94406FC982} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {0231DCC6-D674-4FA7-A871-2B522B60A34F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0483DDC3-8306-4722-B6A8-DC9540C08192} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {05119F5C-8EF8-4C0D-884C-FD9B79577078} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0AD744C0-1872-4FD2-AA9A-614ED8B95954} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-02] (Adobe Systems Incorporated)
Task: {0D2EBC0B-02E4-4355-AF3A-7DD25DC008A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {279CC4B7-9A1E-4A45-A346-BB034E2F9715} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3631FA42-B88C-400F-9067-9E0961B5096E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)
Task: {3F00DD29-A191-4030-B20B-F935188ED277} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {5F7643F9-0446-41B9-A56A-74EBB772D2EC} - System32\Tasks\Western Digital\SmartWare\____Volume_100c5218_9240_11e0_8b26_806e6f6e6963______Volume_da464cbb_9dd2_11e0_8986_b870f4585bca__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2014-07-22] (Western Digital Technologies, Inc.)
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {6F0A1264-3FB2-47E9-A9C1-657056D21D04} - System32\Tasks\{F4FE2973-21E4-4C20-A5FA-302AA5DE992C} => Firefox.exe http://www.skype.com...LastError=12007
Task: {8552CE22-5B4F-458B-999D-5E46F1542222} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {9A1ED33E-CC65-42E5-9DFD-B0F67ABD2FF4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1135327352-3689979529-191883833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B36501FD-7E6D-4378-BDD2-391AB5794E27} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-02-24] (Symantec Corporation)
Task: {BA01709D-2897-45B8-AB07-865010C3D781} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {BECACD72-AA3F-46C8-9C9B-BC5FAAA3993D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {C5138AB2-EDE5-4CF3-A8B2-135729A3AD0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {C8CD50BF-E76E-4ED2-B68F-38DDDEF69D96} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {E0CCB74C-2D7C-482D-94F5-139D28CA7F19} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-01-08 11:04 - 2012-08-08 22:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-04-21 09:47 - 2005-04-22 00:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 01523560 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-23 22:21 - 2011-11-23 22:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2014-02-03 18:50 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 05979488 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServer.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 03261280 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\DrmSingleton.dll
2014-03-26 18:42 - 2014-03-26 18:42 - 00338784 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\ndsLogStore.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 02229096 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00689000 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 01403224 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libxml2-2.dll
2014-03-26 18:42 - 2014-03-26 18:42 - 00091976 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\z.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00060272 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00043880 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 00205672 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
2014-03-26 18:41 - 2014-03-26 18:41 - 07730016 _____ () C:\Users\Lido\AppData\Local\DIRECTV Player\gsttspplugin.dll
2014-06-18 23:07 - 2014-04-01 14:37 - 00371712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-01-04 15:27 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2013-07-07 09:20 - 2014-09-25 14:31 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: SafeCopy Crawler => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WDRulesService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lido^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SafeCopy => C:\Program Files\SafeCopy\SafeCopy.exe
MSCONFIG\startupreg: sketchmanager => C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe tray
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TivoNotify => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
MSCONFIG\startupreg: TivoServer => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
MSCONFIG\startupreg: TivoTransfer => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TranscodingService => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Lido\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-1135327352-3689979529-191883833-500 - Administrator - Disabled)
Guest (S-1-5-21-1135327352-3689979529-191883833-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1135327352-3689979529-191883833-1002 - Limited - Enabled)
Lido (S-1-5-21-1135327352-3689979529-191883833-1001 - Administrator - Enabled) => C:\Users\Lido

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 09:18:54 AM) (Source: TabletServicePen) (EventID: 0) (User: )
Description: Could not init tablet driver


System errors:
=============
Error: (10/27/2014 01:18:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (10/28/2014 09:18:54 AM) (Source: TabletServicePen) (EventID: 0) (User: )
Description: Could not init tablet driver


CodeIntegrity Errors:
===================================
  Date: 2012-10-31 20:20:03.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-31 20:20:03.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-31 20:20:03.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-10-31 20:20:03.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-13 14:37:13.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 3890.67 MB
Available physical RAM: 2103.04 MB
Total Pagefile: 7779.52 MB
Available Pagefile: 5621.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106041W0C) (Fixed) (Total:452.7 GB) (Free:269.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (My Book) (Fixed) (Total:931.48 GB) (Free:296.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 2604F481)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.6 GB) - (Type=17)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00073856)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hello,

Yes you can post that.

Next

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKCU - 0D110202C5D0481BB698C74B24C2428C URL = http://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {24714634-4714-4F24-AB36-D070CE465A52} URL =
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll
Task: {21AE7929-92FC-463E-912F-0B20F88F13AF} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION
Task: {4A1B994F-64F6-476F-9AF4-CECE320AB522} - \The weDownload Manager-enabler No Task File <==== ATTENTION
Task: {6626E2EE-FC5B-43B9-A606-5AEBEFD824A4} - \The weDownload Manager-updater No Task File <==== ATTENTION
Task: {66420AFB-7C44-4F5C-9F3E-E07C798C21EB} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION
Task: {F090C608-D4F8-45D6-B051-485C7D46F7B0} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


Please post a new FRST log. Only one log will be generated this time. FRST.TXT
  • 0

#14
Vic from NJ

Vic from NJ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

paste to notepad went fine.  Not sure how to Run FRST/FRST64

Opened CmdE and just typed FRST/FRST64  got the following..  Saw no Fix Button

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Lido (administrator) on LIDO-PC on 28-10-2014 11:13:34
Running from C:\Users\Lido\Desktop
Loaded Profile: Lido (Available profiles: Lido)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NDS Technologies) C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
() C:\Users\Lido\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(SanDisk Corporation) C:\Users\Lido\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1135327352-3689979529-191883833-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1135327352-3689979529-191883833-1001\...\Run: [Google Update] => C:\Users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-14] (Google Inc.)
HKU\S-1-5-21-1135327352-3689979529-191883833-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-26] (Google Inc.)
HKU\S-1-5-21-1135327352-3689979529-191883833-1001\...\Run: [PCShowServer] => C:\Users\Lido\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-03-26] (NDS Technologies)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {24714634-4714-4F24-AB36-D070CE465A52} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKLM-x32 - {0225C32A-3BEF-4466-B270-EA8806138865} URL = http://www.google.co...ng}&rlz=1I7TSNF
SearchScopes: HKCU - 0D110202C5D0481BB698C74B24C2428C URL = http://search.condui...q={searchTerms}
SearchScopes: HKCU - {0225C32A-3BEF-4466-B270-EA8806138865} URL = http://www.google.co...&rlz=1I7TSNF_en
SearchScopes: HKCU - {212D1EE6-E1B8-419A-8C84-EA046D4D3FFA} URL = http://www.google.co...&rlz=1I7TSNF_en
SearchScopes: HKCU - {24714634-4714-4F24-AB36-D070CE465A52} URL =
SearchScopes: HKCU - {A867B985-CC43-404D-B808-9D3466AE3ACB} URL = http://www.google.co...&rlz=1I7TSNF_en
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default
FF DefaultSearchEngine:
FF DefaultSearchUrl:
FF SelectedSearchEngine:
FF Homepage: hxxp://groups.google.com/group/oceanaires
FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Lido\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Lido\Desktop\Voice\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Lido\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin ProgramFiles/Appdata: C:\Users\Lido\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lido\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\[email protected] [2014-07-31]
FF Extension: DownloadHelper - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: NoScript - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-24]
FF Extension: Sothink Web Video Downloader for Firefox - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2012-09-15]
FF Extension: SunriseBrowse - C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\{fef7f75c-f985-4250-96f9-8183cd04238b}.xpi [2014-08-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-02]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr0103_14_34_ff&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDzzyD0B0C0AtB0AzztBtN0D0Tzu0SzyyCtBtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyBtB0FyDtD0B0FzztGzztCyB0AtG0E0AtC0BtG0E0F0C0DtGyCzy0EtA0ByBtAyC0D0ByEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzz0C0F0FtCzztGyByCtC0AtG0EtDzy0EtG0C0C0FyEtGyCtCzzyDyD0FtC0DtAtAtAyE2Q&cr=1715490871&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.co...=1715490871&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-26]
CHR Extension: (RealDownloader) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-24]
CHR Extension: (Skype Click to Call) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-24]
CHR Extension: (Google Wallet) - C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-24]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lido\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101376 2012-12-28] (Freemake) [File not signed]
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2012-11-29] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127784 2009-11-23] (Wacom Technology, Corp.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2014-06-03] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-04] (Broadcom Corporation.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141027.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.017\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.017\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 regi; C:\windows\SysWOW64\drivers\regi.sys [11032 2007-04-17] (InterVideo)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-02] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 11:13 - 2014-10-28 11:15 - 00028898 _____ () C:\Users\Lido\Desktop\FRST.txt
2014-10-28 11:13 - 2014-10-28 11:14 - 00000000 ____D () C:\FRST
2014-10-28 11:10 - 2014-10-28 11:10 - 02113024 _____ (Farbar) C:\Users\Lido\Desktop\FRST64.exe
2014-10-27 11:46 - 2014-10-27 11:46 - 00014869 _____ () C:\Users\Lido\Desktop\JRT.txt
2014-10-27 11:42 - 2014-10-27 11:42 - 00000000 ____D () C:\windows\ERUNT
2014-10-27 11:39 - 2014-10-27 11:39 - 01706144 _____ (Thisisu) C:\Users\Lido\Downloads\JRT.exe
2014-10-27 10:37 - 2014-10-27 10:38 - 01998336 _____ () C:\Users\Lido\Downloads\adwcleaner_4.002.exe
2014-10-26 12:48 - 2014-10-26 12:48 - 00000000 ____D () C:\_OTL
2014-10-23 08:12 - 2014-10-23 08:12 - 00112972 _____ () C:\Users\Lido\Desktop\Extras.Txt
2014-10-23 07:52 - 2014-10-23 07:52 - 00602112 _____ (OldTimer Tools) C:\Users\Lido\Desktop\OTL.exe
2014-10-22 17:20 - 2014-10-22 17:20 - 00113514 _____ () C:\Users\Lido\Downloads\Extras.Txt
2014-10-22 17:09 - 2014-10-22 17:13 - 00001595 _____ () C:\Users\Lido\Desktop\GEEKS.lnk
2014-10-22 17:02 - 2014-10-22 17:02 - 00602112 _____ (OldTimer Tools) C:\Users\Lido\Downloads\OTL (2).exe
2014-10-16 15:21 - 2014-10-16 15:21 - 00880272 _____ (Google Inc.) C:\Users\Lido\Downloads\googledrivesync(3).exe
2014-10-16 10:40 - 2014-10-16 10:40 - 01584416 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Lido\Downloads\GoToAssist.exe
2014-10-16 10:38 - 2014-10-16 10:38 - 00000000 ____D () C:\Users\Lido\AppData\Local\Citrix
2014-10-16 09:20 - 2014-10-16 09:21 - 00000000 ____D () C:\windows\System32\Tasks\Norton Security Suite
2014-10-16 09:18 - 2014-10-28 09:18 - 00003336 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1135327352-3689979529-191883833-1001
2014-10-16 09:18 - 2014-10-28 09:18 - 00003200 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1135327352-3689979529-191883833-1001
2014-10-15 09:25 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 09:25 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 09:25 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 09:25 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 09:25 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 09:25 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 09:25 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 09:25 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 09:25 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 09:25 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 09:25 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 09:25 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 09:25 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 09:25 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 09:25 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 09:25 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 09:25 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 09:25 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 09:25 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 09:25 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 09:25 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 09:25 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 09:25 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 09:25 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 09:25 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 09:25 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 09:25 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 09:25 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 09:25 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 09:25 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 09:25 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 09:25 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 09:25 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 09:25 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 09:25 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 09:25 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 09:25 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 09:25 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 09:25 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 09:25 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 09:25 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 09:25 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 09:25 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 09:25 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 09:25 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 09:25 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 09:25 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 09:25 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 09:25 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 09:25 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 09:25 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 09:25 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 09:25 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 09:25 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 09:25 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 09:25 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 09:23 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 09:23 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 09:23 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-15 09:23 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-15 09:23 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2014-10-15 09:23 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2014-10-15 09:23 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2014-10-15 09:23 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2014-10-15 09:23 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2014-10-15 09:23 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-15 09:23 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-15 09:23 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 09:23 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2014-10-15 09:23 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-10-15 09:23 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-10-15 09:23 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-10-15 09:23 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-10-15 09:23 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2014-10-15 09:23 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-10-15 09:23 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-10-15 09:23 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-10-15 09:23 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 09:23 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-10-15 09:23 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-15 09:23 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 09:22 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-15 09:22 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-15 09:22 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-15 09:22 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2014-10-15 09:22 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2014-10-15 09:22 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2014-10-15 09:22 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2014-10-15 09:22 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-15 09:22 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-10-15 09:22 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2014-10-15 09:22 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2014-10-15 09:22 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2014-10-15 09:22 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-15 09:22 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-10-15 09:22 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2014-10-15 09:22 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2014-10-15 09:22 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2014-10-15 09:22 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-15 09:22 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-10-15 09:22 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-10-15 09:17 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 09:17 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 09:17 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 09:17 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 09:17 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-15 09:17 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-15 09:17 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 09:17 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 09:17 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 09:17 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 09:17 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-15 09:16 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 09:16 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 09:16 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 09:16 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 09:16 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 09:16 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 09:16 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 09:16 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 09:16 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-15 09:15 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 09:15 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-08 14:00 - 2014-10-10 12:53 - 00000000 ____D () C:\Financial
2014-10-07 10:05 - 2014-10-07 10:05 - 00000063 ____H () C:\Users\Lido\Downloads\.picasa.ini
2014-10-02 20:43 - 2014-10-02 20:43 - 00398656 _____ () C:\Users\Lido\Downloads\FLVPlayer-Chrome.exe
2014-10-01 09:33 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-01 09:33 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-30 11:55 - 2014-10-17 16:51 - 00232960 _____ () C:\Users\Lido\Desktop\IndexCardX.xls
2014-09-30 11:52 - 2014-09-30 11:53 - 00000000 ____D () C:\Users\Lido\Desktop\IndexC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 11:04 - 2012-04-03 08:50 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 11:00 - 2011-06-25 07:34 - 00000000 ____D () C:\Archive
2014-10-28 10:27 - 2010-10-26 23:28 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 10:26 - 2012-09-20 20:07 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job
2014-10-28 09:27 - 2009-07-14 00:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 09:27 - 2009-07-14 00:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 09:26 - 2012-09-20 20:07 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job
2014-10-28 09:24 - 2011-06-08 22:32 - 02024241 _____ () C:\windows\WindowsUpdate.log
2014-10-28 09:24 - 2009-07-14 01:13 - 00786578 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-28 09:19 - 2014-09-23 14:34 - 00008192 _____ () C:\windows\SysWOW64\WDPABKP.dat
2014-10-28 09:19 - 2013-04-08 11:56 - 00000435 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-10-28 09:18 - 2014-01-27 15:04 - 00029420 _____ () C:\windows\setupact.log
2014-10-28 09:18 - 2010-10-26 23:28 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 09:18 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-27 11:34 - 2014-01-27 15:03 - 01327784 _____ () C:\windows\PFRO.log
2014-10-27 11:32 - 2014-01-23 10:01 - 00000000 ____D () C:\AdwCleaner
2014-10-27 11:31 - 2011-07-21 16:14 - 00000000 ____D () C:\Users\Lido\Documents\Outlook Files
2014-10-27 10:41 - 2014-08-25 09:41 - 00000122 _____ () C:\Users\Lido\AppData\Roaming\WB.CFG
2014-10-26 14:09 - 2014-09-10 12:09 - 00000000 ____D () C:\Users\Lido\AppData\Roaming\FLV and Media Player
2014-10-26 13:23 - 2014-01-17 14:56 - 00119332 _____ () C:\Users\Lido\Desktop\OTL.Txt
2014-10-26 13:06 - 2014-01-23 09:54 - 00000000 ____D () C:\Users\Lido\Desktop\GEEKS
2014-10-26 12:49 - 2011-06-19 13:50 - 00000000 ____D () C:\Users\Lido
2014-10-26 12:17 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-10-24 10:34 - 2012-07-02 09:33 - 00000000 ____D () C:\Program Files (x86)\PC Checkup
2014-10-22 17:18 - 2014-01-22 14:01 - 00148396 _____ () C:\Users\Lido\Downloads\OTL.Txt
2014-10-22 17:09 - 2014-06-22 15:31 - 00154624 ___SH () C:\Users\Lido\Desktop\Thumbs.db
2014-10-22 14:33 - 2011-06-21 17:09 - 00000000 ___RD () C:\Users\Lido\Desktop\Oceanaires
2014-10-21 07:42 - 2014-08-15 14:41 - 00000000 ____D () C:\Users\Lido\AppData\Local\DIRECTV Player
2014-10-20 15:54 - 2012-10-07 12:07 - 00000000 ____D () C:\Faith
2014-10-20 09:21 - 2012-09-20 20:07 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA
2014-10-20 09:21 - 2012-09-20 20:07 - 00003476 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core
2014-10-17 17:18 - 2013-11-15 12:07 - 00166400 _____ () C:\Users\Lido\Desktop\IndexCardBU - Copy.xls
2014-10-17 16:50 - 2011-06-19 14:30 - 00000000 ____D () C:\Users\Lido\AppData\Local\CrashDumps
2014-10-17 14:27 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-10-16 15:22 - 2010-10-26 23:28 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-16 15:22 - 2010-10-26 23:28 - 00003638 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 09:56 - 2011-10-11 09:45 - 00000000 ____D () C:\Users\Lido\Documents\MyManuals
2014-10-16 09:11 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 09:10 - 2011-06-27 17:34 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-10-16 09:09 - 2013-12-03 10:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-10-16 09:09 - 2013-12-02 19:21 - 00002411 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-10-16 09:09 - 2013-02-12 09:10 - 00003228 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-10-16 09:08 - 2009-07-14 00:45 - 00440328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 09:06 - 2014-05-06 10:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-16 09:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-16 09:06 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-15 17:11 - 2011-06-20 10:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 17:05 - 2013-08-14 07:18 - 00000000 ____D () C:\windows\system32\MRT
2014-10-15 16:56 - 2011-07-06 10:41 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-15 13:54 - 2014-08-11 09:56 - 00230912 _____ () C:\Users\Lido\Desktop\IndexCard16.xls
2014-10-13 20:17 - 2013-05-09 09:14 - 00000000 ___RD () C:\Users\Lido\Documents\My TiVo Recordings
2014-09-30 11:58 - 2011-07-12 08:35 - 00000000 ____D () C:\VLL
2014-09-28 10:13 - 2013-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Lido\AppData\Local\Temp\Quarantine.exe
C:\Users\Lido\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 12:25

==================== End Of Log ============================


  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hello,

Try again

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Then Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Joe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP