
Desktop is running really slow



#1
busymomof4kids


My husband caught our son looking at porn on the desktop computer and now it is seriously lagging.  Any help would be greatly appreciated.  

 

Tracy




#2
zep516

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First

Please download OTL to your Desktop
  • Double click on the OTL icon to run the program. On Vista/Win7 or 8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox and check the option for All under the Extra Registry section.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic.
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.

#3
busymomof4kids

OTL logfile created on: 10/15/2014 7:55:31 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tracy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 28.22% Memory free
12.17 Gb Paging File | 7.27 Gb Available in Paging File | 59.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 329.02 Gb Free Space | 56.40% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.81 Gb Free Space | 14.06% Space Free | Partition Type: NTFS
Drive H: | 7.39 Gb Total Space | 0.60 Gb Free Space | 8.15% Space Free | Partition Type: FAT32
 
Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/15 19:53:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracy\Downloads\OTL.exe
PRC - [2014/09/23 00:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/11 18:55:56 | 002,548,016 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2014/09/11 18:55:56 | 000,040,240 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2014/09/03 14:49:24 | 000,138,032 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhchefbgfgaodjebncjkplhbgopbcmno\1.14.911.1_0\chrome.idvault.messaging.exe
PRC - [2014/08/01 13:33:51 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
PRC - [2014/07/22 18:23:04 | 007,631,872 | ---- | M] (Google Inc.) -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/06/25 10:14:08 | 002,020,192 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2014/05/23 06:08:40 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014/05/23 06:08:34 | 001,564,992 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/08/17 19:03:08 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () -- C:\Windows\SysWOW64\CSHelper.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/20 22:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/15 03:28:35 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll
MOD - [2014/10/15 03:27:52 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8c9f9e94e93956d68b43e34324790c6d\System.ServiceModel.Web.ni.dll
MOD - [2014/10/15 03:27:42 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/15 03:27:17 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/15 03:27:07 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/10/15 03:26:32 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014/10/15 03:26:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\9370714a38ae2805434296b26a9f5b14\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/10/15 03:15:09 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014/10/15 03:15:02 | 001,870,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\db9cd60ed9ff9585b54d446f37392e8f\System.Web.Services.ni.dll
MOD - [2014/10/15 03:14:59 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\a26884cd80c1d4a7e3f00c795e5cb305\System.Transactions.ni.dll
MOD - [2014/10/15 03:14:58 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/15 03:14:56 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\54565a827b0e5a6f78e93e2ae06dd0e4\System.Runtime.Remoting.ni.dll
MOD - [2014/10/15 03:14:55 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c90a4b709b46b64c89fce02585d55370\System.Management.ni.dll
MOD - [2014/10/15 03:14:52 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/15 03:14:51 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014/10/15 03:14:44 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 03:14:38 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/15 03:14:36 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 03:14:35 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/15 03:14:35 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/15 03:14:34 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/15 03:14:29 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/15 03:14:28 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014/10/15 03:14:23 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 03:14:23 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 03:14:18 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 03:14:17 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/23 00:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/23 00:07:04 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
MOD - [2014/09/23 00:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/23 00:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
MOD - [2014/09/11 18:56:06 | 000,548,488 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2014/09/03 14:49:24 | 000,138,032 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhchefbgfgaodjebncjkplhbgopbcmno\1.14.911.1_0\chrome.idvault.messaging.exe
MOD - [2014/07/22 18:02:06 | 000,253,440 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/07/22 18:01:32 | 000,231,936 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/07/22 18:01:28 | 000,117,248 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/07/22 18:01:24 | 000,344,064 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/07/12 14:10:22 | 000,026,624 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2014/07/12 14:10:14 | 010,683,392 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2014/07/12 14:10:12 | 007,741,952 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2014/07/12 14:10:12 | 001,681,408 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2014/07/12 14:10:10 | 002,248,192 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2014/06/25 10:13:48 | 001,457,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
MOD - [2014/05/19 17:19:02 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2014/02/26 04:16:59 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/26 04:05:07 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/26 04:05:06 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/10 13:44:24 | 004,592,128 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 13:44:24 | 000,112,128 | ---- | M] () -- C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2013/09/13 20:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 20:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/09/08 17:20:51 | 000,043,520 | ---- | M] () -- C:\Windows\SysWOW64\CmdLineExt03.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/17 16:23:56 | 000,292,736 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/10/02 16:14:56 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/12 19:16:41 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/11 18:55:56 | 000,040,240 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2014/09/10 06:52:49 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/07 19:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 15:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/25 10:07:12 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/16 20:15:45 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/09/15 19:02:15 | 000,049,752 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2014/08/25 22:26:57 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2014/08/25 22:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2014/08/06 15:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2014/07/23 01:13:11 | 000,510,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2014/07/23 00:50:26 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/03/18 21:27:24 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/03/18 21:27:24 | 000,109,056 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/02/11 22:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/10 07:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/11/10 07:52:52 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009/11/10 07:52:44 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009/09/30 21:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/24 07:36:52 | 000,626,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 02:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/02/26 19:46:34 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/06 13:51:08 | 000,028,144 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2005/09/19 14:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbVM31b.sys -- (DCamUSBVM)
DRV - [2014/10/03 15:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/16 17:16:42 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141015.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/09/16 07:53:00 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141014.025\ex64.sys -- (NAVEX15)
DRV - [2014/09/16 07:53:00 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/09/16 07:53:00 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/09/16 07:53:00 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141014.025\eng64.sys -- (NAVENG)
DRV - [2008/11/28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/06/24 17:28:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.n...id=tbid09152014
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 4D BE D4 01 45 71 0F 4A 99 EB 0F E1 84 A0 27 DF  [binary data]
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{083368C3-5B72-4F1A-BE01-5F70570FD6E9}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{1F9F832A-605A-41F5-86AE-6BB407025F1A}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{73FE0C01-C5C3-43B5-B15B-48A5DEFFC59A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tracy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Tracy\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/17 19:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/10/15 03:39:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/12 19:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/12 19:16:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/23 19:09:08 | 000,000,000 | ---D | M]
 
[2014/05/06 11:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions
[2009/09/15 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/07/17 08:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\extensions
[2014/09/15 20:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions
[2014/09/15 19:01:59 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2014/07/02 19:58:16 | 000,000,000 | ---D | M] (DLSecure Toolbar) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions\{d0bc04f1-2a66-420b-9131-69bba6dc379e}
[2014/09/15 20:00:02 | 000,000,000 | ---D | M] ("XFINITY Constant Guard Protection Suite") -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions\idvaultaddon@whitesky
[2014/09/15 20:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\extensions\temp
[2014/05/11 02:59:38 | 000,002,579 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\searchplugins\default-search.xml
[2014/09/12 19:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/12 19:16:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/02 03:00:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/08/17 19:03:19 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhchefbgfgaodjebncjkplhbgopbcmno\1.14.911.1_0\
CHR - Extension: No name found = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhchefbgfgaodjebncjkplhbgopbcmno\1.14.911.1_1\
CHR - Extension: No name found = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: No name found = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_1\
CHR - Extension: No name found = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.9.12_0\
CHR - Extension: No name found = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.9.8_0\
CHR - Extension: No name found = C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2013/07/23 09:15:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll ()
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DLSecure Toolbar) - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll ()
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.911.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll ()
O3:64bit: - HKLM\..\Toolbar: (DLSecure Toolbar) - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx64.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (DLSecure Toolbar) - {7bcc228a-c730-4004-93f9-72cbb7033a62} - C:\Program Files (x86)\dlsecuretb\dlsecureDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [cdloader] C:\Users\Tracy\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [HP Deskjet 3510 series (NET)] C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [MusicManager] C:\Users\Tracy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54BD3F87-83EC-4960-AD4D-DB99C4117E05}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4F02821-54EB-4101-9E5B-DE4D9B945C85}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Tracy\Desktop\dd48451ba89e624d8f05821f8d028c35.jpeg
O24 - Desktop BackupWallPaper: C:\Users\Tracy\Desktop\dd48451ba89e624d8f05821f8d028c35.jpeg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/15 14:53:53 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symefa64.sys
[2014/10/15 14:53:53 | 000,876,248 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys
[2014/10/15 14:53:53 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys
[2014/10/15 14:53:53 | 000,510,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symtdiv.sys
[2014/10/15 14:53:53 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symds64.sys
[2014/10/15 14:53:53 | 000,266,968 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ironx64.sys
[2014/10/15 14:53:53 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.sys
[2014/10/15 14:53:53 | 000,037,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys
[2014/10/15 14:53:53 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symelam.sys
[2014/10/15 14:53:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1506000.020
[2014/10/15 03:12:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/15 03:12:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/15 03:06:23 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/15 03:06:23 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/15 03:06:22 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/15 03:06:22 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 03:06:22 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/15 03:06:22 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/14 23:04:10 | 002,339,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/14 23:04:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/10/14 23:04:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/14 23:04:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/14 23:04:09 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/14 23:04:09 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/14 23:04:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/14 23:04:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/14 23:04:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/14 23:04:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/10/14 23:04:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/14 23:04:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/10/14 23:04:04 | 001,494,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/14 23:04:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/14 23:04:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/10/14 23:04:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/14 23:04:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/14 23:04:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/10/14 23:04:01 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/10/14 23:04:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/09/16 21:18:25 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.sys
[2014/09/16 21:18:25 | 000,875,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.sys
[2014/09/16 21:18:25 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnets.sys
[2014/09/16 21:18:25 | 000,510,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symtdiv.sys
[2014/09/16 21:18:25 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.sys
[2014/09/16 21:18:25 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ironx64.sys
[2014/09/16 21:18:25 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.sys
[2014/09/16 21:18:25 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.sys
[2014/09/16 21:18:25 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam.sys
[2014/09/16 21:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1505000.013
[2014/09/16 20:15:45 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/09/16 20:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/09/16 20:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/09/16 20:15:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/09/16 20:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/06/07 10:28:48 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Tracy\AppData\Local\BcsKtYcHW.dll
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/15 19:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/15 19:54:46 | 000,001,196 | ---- | M] () -- C:\Users\Tracy\Desktop\OTL - Shortcut.lnk
[2014/10/15 19:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/15 19:41:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/15 19:41:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/15 19:36:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/10/15 19:21:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000UA.job
[2014/10/15 16:23:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/15 07:41:46 | 000,001,769 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
[2014/10/15 07:41:39 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Tracy.job
[2014/10/15 07:41:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/15 07:41:07 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1953429275-1861937841-2176962007-1000Core.job
[2014/10/15 03:46:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Tracy.job
[2014/10/15 03:36:25 | 005,071,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/15 03:13:06 | 000,781,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/10/15 03:13:06 | 000,646,112 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/15 03:13:06 | 000,120,986 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/15 03:12:44 | 003,390,995 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/10/15 01:25:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Tracy.job
[2014/10/14 19:14:58 | 000,271,360 | ---- | M] () -- C:\Users\Tracy\Documents\Outlook.pst
[2014/10/14 12:44:28 | 000,048,844 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20141014.006
[2014/10/14 11:11:58 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/10/09 08:00:58 | 000,024,877 | ---- | M] () -- C:\Users\Tracy\Desktop\10574386_10202867470588311_7004745784083930470_n.jpg
[2014/10/04 07:55:42 | 000,000,104 | ---- | M] () -- C:\Users\Tracy\Desktop\The Internet - Shortcut.lnk
[2014/10/02 16:14:26 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\isolate.ini
[2014/10/02 15:34:01 | 000,143,496 | ---- | M] () -- C:\Users\Tracy\Desktop\yhst-42929299039964_2219_1774585848_l.jpg
[2014/10/02 15:04:40 | 000,016,415 | ---- | M] () -- C:\Users\Tracy\Desktop\silver.png
[2014/10/02 09:28:30 | 000,042,859 | ---- | M] () -- C:\Users\Tracy\Desktop\Teeze-10G-s.jpg
[2014/10/02 09:27:04 | 000,239,182 | ---- | M] () -- C:\Users\Tracy\Desktop\1392845552.png
[2014/09/30 15:48:36 | 000,009,516 | ---- | M] () -- C:\Users\Tracy\AppData\Roaming\wklnhst.dat
[2014/09/30 05:21:20 | 000,019,456 | ---- | M] () -- C:\Users\Tracy\Documents\tiger mom vrs cowboys.wps
[2014/09/30 05:21:11 | 000,010,752 | ---- | M] () -- C:\Users\Tracy\Documents\monster at stanford.wps
[2014/09/29 17:30:47 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/28 10:23:01 | 000,002,551 | ---- | M] () -- C:\Users\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2014/09/25 10:35:32 | 000,406,862 | ---- | M] () -- C:\Users\Tracy\Documents\CCAC Verification.pdf
[2014/09/25 10:34:37 | 000,444,198 | ---- | M] () -- C:\Users\Tracy\Documents\Marriage License.pdf
[2014/09/25 10:33:20 | 000,563,923 | ---- | M] () -- C:\Users\Tracy\Documents\Sarahs birth certificate.pdf
[2014/09/25 10:32:25 | 000,563,831 | ---- | M] () -- C:\Users\Tracy\Documents\Abigayles Birth Certificate.pdf
[2014/09/25 10:31:24 | 000,315,806 | ---- | M] () -- C:\Users\Tracy\Documents\Codys Birth Certificate.pdf
[2014/09/24 20:02:19 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/23 07:39:06 | 923,620,198 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/22 18:28:10 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTracy.job
[2014/09/19 19:55:48 | 002,339,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/19 19:48:28 | 001,494,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/19 19:48:13 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/09/19 19:47:21 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/19 19:47:14 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/09/19 19:47:14 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/19 19:47:02 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/19 19:46:43 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/19 19:46:41 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/19 19:46:21 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/09/19 19:46:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/19 19:45:52 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/09/19 19:45:34 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/19 18:37:34 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/19 18:36:40 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/09/19 18:36:04 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/19 18:35:31 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/09/19 18:34:40 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/09/19 18:34:33 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/19 18:33:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/17 07:10:26 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/09/17 02:57:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/09/16 20:15:45 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/09/16 20:15:45 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/09/16 20:15:45 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/09/16 20:12:28 | 000,000,810 | ---- | M] () -- C:\Users\Tracy\Desktop\Norton Installation Files.lnk
[2014/09/16 12:56:02 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/15 19:54:34 | 000,001,196 | ---- | C] () -- C:\Users\Tracy\Desktop\OTL - Shortcut.lnk
[2014/10/15 14:53:53 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symelam64.cat
[2014/10/15 14:53:53 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.cat
[2014/10/15 14:53:53 | 000,008,194 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symefa64.cat
[2014/10/15 14:53:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnet64.cat
[2014/10/15 14:53:53 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symds64.cat
[2014/10/15 14:53:53 | 000,008,188 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.cat
[2014/10/15 14:53:53 | 000,008,184 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.cat
[2014/10/15 14:53:53 | 000,008,184 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\iron.cat
[2014/10/15 14:53:53 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symefa.inf
[2014/10/15 14:53:53 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symds.inf
[2014/10/15 14:53:53 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnet.inf
[2014/10/15 14:53:53 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.inf
[2014/10/15 14:53:53 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.inf
[2014/10/15 14:53:53 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symelam.inf
[2014/10/15 14:53:53 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.inf
[2014/10/15 14:53:53 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\iron.inf
[2014/10/15 14:53:33 | 000,030,068 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symvtcer.dat
[2014/10/15 14:53:33 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\isolate.ini
[2014/10/14 15:26:16 | 000,048,844 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20141014.006
[2014/10/09 08:00:58 | 000,024,877 | ---- | C] () -- C:\Users\Tracy\Desktop\10574386_10202867470588311_7004745784083930470_n.jpg
[2014/10/04 07:55:42 | 000,000,104 | ---- | C] () -- C:\Users\Tracy\Desktop\The Internet - Shortcut.lnk
[2014/10/02 15:34:00 | 000,143,496 | ---- | C] () -- C:\Users\Tracy\Desktop\yhst-42929299039964_2219_1774585848_l.jpg
[2014/10/02 15:04:40 | 000,016,415 | ---- | C] () -- C:\Users\Tracy\Desktop\silver.png
[2014/10/02 09:28:29 | 000,042,859 | ---- | C] () -- C:\Users\Tracy\Desktop\Teeze-10G-s.jpg
[2014/10/02 09:27:04 | 000,239,182 | ---- | C] () -- C:\Users\Tracy\Desktop\1392845552.png
[2014/09/30 05:21:11 | 000,010,752 | ---- | C] () -- C:\Users\Tracy\Documents\monster at stanford.wps
[2014/09/25 10:35:31 | 000,406,862 | ---- | C] () -- C:\Users\Tracy\Documents\CCAC Verification.pdf
[2014/09/25 10:34:36 | 000,444,198 | ---- | C] () -- C:\Users\Tracy\Documents\Marriage License.pdf
[2014/09/25 10:33:20 | 000,563,923 | ---- | C] () -- C:\Users\Tracy\Documents\Sarahs birth certificate.pdf
[2014/09/25 10:32:25 | 000,563,831 | ---- | C] () -- C:\Users\Tracy\Documents\Abigayles Birth Certificate.pdf
[2014/09/25 10:31:24 | 000,315,806 | ---- | C] () -- C:\Users\Tracy\Documents\Codys Birth Certificate.pdf
[2014/09/17 07:07:26 | 003,390,995 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/09/16 21:18:25 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam64.cat
[2014/09/16 21:18:25 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.cat
[2014/09/16 21:18:25 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.cat
[2014/09/16 21:18:25 | 000,008,194 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa64.cat
[2014/09/16 21:18:25 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnet64.cat
[2014/09/16 21:18:25 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.cat
[2014/09/16 21:18:25 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds64.cat
[2014/09/16 21:18:25 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\iron.cat
[2014/09/16 21:18:25 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symefa.inf
[2014/09/16 21:18:25 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symds.inf
[2014/09/16 21:18:25 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symnet.inf
[2014/09/16 21:18:25 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtsp64.inf
[2014/09/16 21:18:25 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\srtspx64.inf
[2014/09/16 21:18:25 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\symelam.inf
[2014/09/16 21:18:25 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\ccsetx64.inf
[2014/09/16 21:18:25 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\iron.inf
[2014/09/16 21:18:09 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\isolate.ini
[2014/09/16 20:15:45 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/09/16 20:15:45 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/09/16 20:15:44 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/07/17 12:26:52 | 000,000,032 | ---- | C] () -- C:\Users\Tracy\jagex_cl_runescape_LIVE.dat
[2014/06/07 10:28:47 | 000,893,239 | ---- | C] () -- C:\Users\Tracy\AppData\Local\a.zip
[2013/10/15 08:42:53 | 000,000,680 | ---- | C] () -- C:\Users\Tracy\AppData\Local\d3d9caps.dat
[2013/07/28 12:40:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/18 15:05:30 | 000,011,264 | ---- | C] () -- C:\Users\Tracy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/23 13:25:01 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/06/14 11:35:05 | 000,000,005 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\WBPU-TTL.DAT
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/11 22:21:22 | 000,000,258 | RHS- | C] () -- C:\Users\Tracy\ntuser.pol
[2012/12/23 21:42:50 | 000,114,730 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpABBEY.JPG
[2011/04/10 15:34:25 | 264,076,312 | ---- | C] () -- C:\Users\Tracy\100_0367.AVI
[2011/04/09 14:27:52 | 131,092,216 | ---- | C] () -- C:\Users\Tracy\100_0357.AVI
[2011/03/27 15:28:59 | 008,379,428 | ---- | C] () -- C:\Users\Tracy\01 Guilty As Charged (feat. Estelle).m4a
[2011/01/04 18:16:08 | 000,001,940 | ---- | C] () -- C:\Users\Tracy\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/21 22:41:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 22:01:54 | 000,036,970 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.JPG
[2010/08/25 22:01:54 | 000,034,964 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmpRANDI.0
[2010/07/26 10:12:18 | 000,006,548 | ---- | C] () -- C:\Users\Tracy\.recently-used.xbel
[2010/05/10 00:22:31 | 000,024,049 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.JPG
[2010/05/10 00:22:31 | 000,023,533 | ---- | C] () -- C:\Users\Tracy\AppData\Local\tmp24127_1344211615746_1544934352_31140848_8112699_N.0
[2009/08/21 13:45:04 | 000,019,550 | ---- | C] () -- C:\Users\Tracy\AppData\Local\slot1.mm1
[2009/05/29 13:25:08 | 000,009,516 | ---- | C] () -- C:\Users\Tracy\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 12:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 09:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
< End of report >

#4
busymomof4kids

OTL Extras logfile created on: 10/15/2014 7:55:31 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tracy\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 28.22% Memory free
12.17 Gb Paging File | 7.27 Gb Available in Paging File | 59.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.32 Gb Total Space | 329.02 Gb Free Space | 56.40% Space Free | Partition Type: NTFS
Drive D: | 12.85 Gb Total Space | 1.81 Gb Free Space | 14.06% Space Free | Partition Type: NTFS
Drive H: | 7.39 Gb Total Space | 0.60 Gb Free Space | 8.15% Space Free | Partition Type: FAT32
 
Computer Name: HOME-PC | User Name: Tracy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 93 6B 3A F4 BE 12 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022700E4-C3AA-47CE-9064-0DA284A1069D}" = lport=8371 | protocol=6 | dir=in | name=league of legends launcher | 
"{02B07793-F2E3-4736-B70A-849C06750676}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher | 
"{05ABA71E-A39E-485C-AB25-3F163A727CA4}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher | 
"{07728343-016F-4665-8526-24448A5DD282}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{20165D07-8C71-4C2A-8802-F55EE915C63D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2E951453-720A-4249-9586-05D7AA4727B7}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
"{3A4F6A3F-BF41-4CC5-9A62-8B6C6FEB2237}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4C8A3050-1BCF-40CA-88F7-D661D8574826}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{5F5571BF-7784-4DD2-A62E-AA7E6F4F997A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6CBD6722-9D6F-4FE4-87EF-9BD830111370}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{83F46227-0988-420F-BBF4-C8825C7DF139}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | 
"{8E606540-D504-4C38-BCAD-58C2484B3B85}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9123154A-33DD-46AE-81F3-C4DA2252E732}" = rport=139 | protocol=6 | dir=out | app=system | 
"{928511F3-B73E-451C-BD91-69BBD006055A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{97D3829D-418C-4F3F-B146-EEABFA7CD53C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A1A4655B-AED0-49FF-94A3-E9ED072EB07B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B2484551-66BB-44DE-B03C-DC072C9C9099}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B4BC3A86-3241-42E2-9594-17FFFC1CF457}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher | 
"{B6D58AD9-F690-405C-97A3-C7F44311ECBB}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher | 
"{BED21D73-DAD4-42E5-92CE-41A741AA704C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CF347618-1D11-4A54-9DF1-0483AEEE40C2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D1881663-3440-4B3A-BBDF-8A04EC062FC7}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{D9D0546E-2AE9-4DB6-B1A7-2C50811443EF}" = lport=8371 | protocol=17 | dir=in | name=league of legends launcher | 
"{DF6299E0-1133-48C9-86C4-0E949F4EB961}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E05E59A8-EC9E-43C5-A3C4-4B37E736FD7A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E7FF0742-5E15-43F4-AAEB-A666E946C452}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{E9FAFCC6-959C-4A5C-8405-5CC1C62F6DD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EC2F3F3F-02D5-4C2D-939B-5C3E8B813430}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EF3E6CE9-3C6D-46EA-B5CA-301D9F88699C}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher | 
"{F34EE361-3696-48D9-8F77-B0BF37004ECC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{F4B8ADE0-A2AF-4DF5-8774-CA4AA5DCE99D}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher | 
"{F5523455-8AE3-44F3-B329-AC389FF83254}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F9670A01-8A0D-452B-A7B2-511FE15D4A38}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{FCE6175C-7C39-45C2-B171-7F9E1B69A76D}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6718A-8E09-4CA1-B8B5-A4C0044A7758}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{01BC55B3-328C-4F2A-A108-ABBFE63C8F69}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe | 
"{01FF8286-39C6-4FE0-947D-244AA268C7D3}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{024213FA-3AA4-4D2F-883D-8C6B41C5557C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{03B87268-8026-4964-AB74-9442A9527DD3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{03F0A393-423E-44EF-A0BE-EF8AEF115BE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0512BC72-EB54-4FA7-97B3-C23E6FC60423}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{0ACF825D-90A1-45D8-8FEE-C74F7947B0CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0BC4327E-A702-4730-8DB0-F5FA0A346E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{0C70712C-9E60-4A87-B1D3-422371D07ACA}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe | 
"{0D2D1A82-3E6B-4BEF-BCF8-1B50CECB9647}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{10C51848-1D42-419E-B183-C2CBB90157CC}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{12258B35-15E9-470A-BBFC-A635CB5409EB}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{12DF387F-4E58-4294-8F18-FDB9632B9C7C}" = protocol=17 | dir=in | app=c:\program files (x86)\xfin_portal\dtuser.exe | 
"{130C89D7-9708-4AA3-B83A-A0685C1DE471}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{15CEC3D3-D2C1-414A-A502-6554622473A8}" = protocol=17 | dir=in | app=c:\program files (x86)\dlsecuretb\dtuser.exe | 
"{167BAC5F-66F1-496E-83FE-FEC1BBECD937}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{1AA0F2F2-94E2-4504-885E-D3869579E666}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{219B88B5-8CF7-44FC-BF8E-0F4B14B47A3F}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{2269EF80-7F0A-420E-9296-E1C90C21F06F}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{28FF4D64-F878-4127-B93D-D44969ED30CD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{290A621F-B02E-4B9F-B49F-C0A4D520BB86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{29C06FFF-141B-4984-A985-333831B5C6C3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{2A96866F-DDCA-45B1-AAB1-7B72761C51BB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"{2B9065E4-B38A-4B2E-95FE-85B9D17C4F26}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{2E8905DE-ABEA-470B-A959-3A8C1B226F2F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{2F5AB145-62E8-499E-9A61-01F50FF90186}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{304BE9BC-53E6-471E-96BB-2A07356833C8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3296C788-A0B8-4E65-B1F5-EC49A46E940D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3367A87F-8FCC-4DD5-AB8E-2058A82F7DDD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{351991C6-9C1B-465E-B4D8-0428FDDF5A8C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{38D50BD5-ED1F-4846-BDA4-483A328E5418}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{3AF51FA2-B88F-428F-9E02-E9CA3ECCEE85}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{3B0C5432-6F40-4547-82F8-DC3789AD5A94}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{3B589690-2BBF-48C7-848C-92DDB873E450}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{3BEA67E9-4868-4976-B2A3-36AD9BCC73E8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4105241A-5238-49F2-B4C7-D7CBCFDC29E4}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{4317138B-437F-49BD-8192-28813CD80D6E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{45E03FD5-D6DB-4C3A-AC2D-8A62323D38C1}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe | 
"{46583094-2E15-4760-806C-F67B4631FD35}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"{4BE629F0-2CE7-411F-98C9-D180DF40F454}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"{4E008D07-3A65-410E-B0D8-04BEF9711CAB}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\devicesetup.exe | 
"{500E9717-D26C-4264-87DE-3CBC217C565A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{51045EF8-309A-46FB-8969-AD2B2F59526B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{546DFAA5-E74F-4E4B-AE14-D4AFF06AF8A9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{548196EA-DFD8-4863-892A-980F829A5EB9}" = protocol=6 | dir=in | app=c:\program files (x86)\dlsecuretb\dtuser.exe | 
"{561FED2D-11D0-4C97-AC96-970D18D1F9AE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{57FCFD95-FA80-41B1-9D3D-F09B6C1CFE52}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{596C555E-7C8D-4C51-9384-5651BE7B572B}" = dir=in | app=c:\program files (x86)\constant guard protection suite\idvault.exe | 
"{59E43124-7209-4202-A50D-7DA2F8934855}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{607FB60F-D124-4AEE-82D3-61A45EE1B434}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe | 
"{64E2D6B5-49E9-4772-9F86-229FBD1166C3}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{64FC7C2C-2796-443A-A29A-04D3D21CF502}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6918E4AE-D8FC-49E8-91AF-97584B62BE41}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6974B65A-A961-411A-9250-58AEA79B446E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{73703FB0-8C6A-4149-B0D9-6E68B5193BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{76126DD7-B6A0-452E-B4FD-348970EE4E25}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe | 
"{77E6B2DC-097D-47A2-93F3-13502B8B59E1}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe | 
"{7A9A5A19-B0F4-43AC-8714-28604822A893}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{7DD816FD-E5C3-4BFC-8278-90BFE386D7A4}" = protocol=6 | dir=in | app=c:\program files (x86)\xfin_portal\dtuser.exe | 
"{7EB78C91-089F-4FD2-A41A-FC1F38C8A075}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{7F3023F6-E0BE-481B-93E5-A1858C22A94A}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{86CCEB3C-AE8F-4B03-A3DD-205F2802D550}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{88FED118-615F-438B-B92D-3F3D0BE98FBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{921A0520-0EF5-4431-8C05-923A682FB78A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe | 
"{92B91EDE-1B5A-47EC-A9EA-34ABBA2D18CA}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{96898CE9-192A-4DEA-B9EB-D737DB37C694}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{997E864A-F5DD-4B95-BCA5-6F2FB3D33FBA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9C5ADA5A-8B26-40CD-B8FA-07ED6C8D8CF0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{A439F425-25C3-4E98-9300-579C2E95554D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{A5C5E630-7261-4BF8-B147-EEEF3A825593}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{A63639E0-E873-4BAA-B1A6-42D833CF72C1}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{A7EC8AC5-3F0A-4A61-B7B2-15E90C427E78}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{AA019790-B637-4C83-B635-A4602D759294}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{AD5FF138-1CB5-4A97-8D6B-12451183F058}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{ADCA02ED-AE0E-4D6C-8533-B84090B1E19F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe | 
"{B65DBA5B-6B96-4AD2-9D91-B146DC30B1E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{BB185B0F-AED3-4E5F-BD81-228FAFB2E219}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{BDF03952-A3C8-4CEC-9FDA-54CEB244E348}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{BE1AFBA7-8F6A-4EBF-B6D4-49236EE74A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{BF588ABB-0221-4544-9974-D3881871A742}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe | 
"{C50D73B4-EF90-4012-876B-3393A9073292}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CB4D2707-9791-4F0C-B05B-50FEAD7CD5E5}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | 
"{CF04C498-25F7-4A19-B546-171C583091C9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{D46994EA-3A54-47B7-AE59-DE7B013C8BDA}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{D962BC8C-1854-4CE3-9D2B-6D998B9BE5DD}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{DCE125B2-5753-4128-8EE8-7ACF983E1C7E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{E0271837-E16C-4B23-9DEC-B4C0CA15EFC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{E0DF3D7B-6F0A-4FD8-B6B3-4917F26B388A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{E2A8918E-0706-4D0D-897C-DE4BE52C029A}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe | 
"{E9286A07-14A7-43D5-BDF0-BCE89E081C8A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{EB8C4488-8AC6-432A-84B3-8578D785BE7F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{EC2E83AF-3A3F-4761-8BFC-30EDADB7838E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{ED2D3C4E-68D9-42FA-B8A1-5A02B0B6D4DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{F1AEF8F4-51BB-4FBC-A126-0B21719AE75F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{F29005AF-F1B1-46E6-8810-03E7863B917A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{F2EE4088-C1B5-4937-B3A0-D865AF5EB620}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{F5FC013F-F750-4595-9E58-C97C0B822293}" = protocol=6 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe | 
"{F60A8697-5934-4B99-8CB7-E8385A75229D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FD117E0B-A219-4ADB-A04A-C3F49B558964}" = protocol=17 | dir=in | app=c:\programdata\emailnotifier\emailnotifier.exe | 
"{FD86B81B-18DA-4C73-8385-F2C6F109B509}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"TCP Query User{039F517F-0782-46AC-B000-DDB9E751F000}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"TCP Query User{28F9E780-56A0-479B-8894-2E566D489E71}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"TCP Query User{4C21DCA0-69C1-4787-A868-6F2639EB1A86}C:\users\tracy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tracy\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{AD30FB7C-FDF2-471A-8E12-7D9F8465EAB7}C:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe | 
"TCP Query User{C7B2F589-F065-4E50-8024-E9323CB53785}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{ED7E4D2E-86AF-4D38-A669-2686885AE235}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"UDP Query User{7C391D61-79DA-4269-BF1D-1E58FCF70FFE}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"UDP Query User{89BE46D5-9B35-4B57-BC15-967C0648A4E4}C:\users\tracy\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\tracy\program files (x86)\dna\btdna.exe | 
"UDP Query User{91B0F4CF-9036-4230-BBFC-49B53C02F927}C:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\tracy\appdata\roaming\mjusbsp\magicjack.exe | 
"UDP Query User{9BC50BF9-B1C6-4378-A712-08C0EBEB3525}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{F0D7A2EE-9E4B-4A2E-BA3A-B8409DE580F0}C:\users\tracy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tracy\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{F40146ED-C932-4F28-83BD-373CDC7D090A}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417055FF}" = Java 7 Update 55 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5848A26C-E4BC-4A13-AA8D-810BA344475A}" = HP Deskjet 1050 J410 series Product Improvement Study
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{791D3241-C6A4-417F-82E6-00543B6E5012}" = HP Deskjet 3510 series Product Improvement Study
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7F20F2D1-C425-4432-96BA-EBD0C2181493}" = HP Deskjet 3510 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}" = HP Deskjet 1050 J410 series Basic Device Software
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.10
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Puran Defrag_is1" = Puran Defrag 7.6
"SP6" = Logitech SetPoint 6.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 65
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.7.6.367
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}" = HP Deskjet 3510 series Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}" = P@H-Protocol
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6174060-52D9-4886-8DBF-4EBF7C1CBCAA}" = MSRedx64
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}" = ASPCA Reminder by We-Care.com v4.1.22.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EEA7D922-7F21-42A1-B548-236984D36423}_is1" = Jihosoft Android Photo Transfer version 1.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All in one Cleaner_is1" = All in one Cleaner ver.1.0
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows5.0.0.8" = Coupon Printer for Windows
"DivX Setup.divx.com" = DivX Setup
"dlsecuretb" = DLSecure Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"GSC 2.00" = GSC 2.00
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Photo Creations" = HP Photo Creations
"ID Vault" = Constant Guard Protection Suite
"InfraRecorder" = InfraRecorder
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Mozilla Firefox 32.0.1 (x86 en-US)" = Mozilla Firefox 32.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PrintProjects" = PrintProjects
"PROR" = Microsoft Office Professional 2007 Trial
"pywin32-py2.6" = Python 2.6 pywin32-212
"RCA Updater_is1" = RCA Updater 1.0.4.0
"RealPlayer 16.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Revo Uninstaller" = Revo Uninstaller 1.94
"Toontown Rewritten" = Toontown Rewritten
"Tweaks FileOpener" = FileOpener
"WildTangent hp Master Uninstall" = HP Games
"xfin_portal" = XFINITY Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"File Opener Packages" = File Opener Packages
"MusicManager" = Music Manager
"MyFreeCodec" = MyFreeCodec
"PDF Reader" = PDF Reader
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/15/2014 3:03:57 AM | Computer Name = Home-PC | Source = Perflib | ID = 1021
Description = 
 
Error - 10/15/2014 3:03:57 AM | Computer Name = Home-PC | Source = Perflib | ID = 1017
Description = 
 
Error - 10/15/2014 3:03:57 AM | Computer Name = Home-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 10/15/2014 3:13:07 AM | Computer Name = Home-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 10/15/2014 3:13:38 AM | Computer Name = Home-PC | Source = Perflib | ID = 1021
Description = 
 
Error - 10/15/2014 3:13:38 AM | Computer Name = Home-PC | Source = Perflib | ID = 1017
Description = 
 
Error - 10/15/2014 3:37:05 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/15/2014 3:37:52 AM | Computer Name = Home-PC | Source = IDVault | ID = 0
Description = IsStartupTypeAutomatic failed for W32TimeCall was canceled by the 
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
 
Error - 10/15/2014 3:37:56 AM | Computer Name = Home-PC | Source = CVHSVC | ID = 100
Description = Information only.  The action cannot be completed. Try the action again.
 If the problem continues, contact Microsoft Product Support.
 
Error - 10/15/2014 7:41:54 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" 
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 10/14/2014 3:02:24 AM | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 10/15/2014 3:08:00 AM | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10/15/2014 3:08:00 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10/15/2014 3:08:00 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10/15/2014 3:08:00 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10/15/2014 3:08:00 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10/15/2014 3:13:12 AM | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 10/15/2014 3:37:53 AM | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 10/15/2014 3:37:56 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10/15/2014 3:39:20 AM | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

#5
zep516

Hello,

I expected to see a lot of adware. There is none in the OTL log report. Nothing appears to have been downloaded from your son's actions, looking at the installed programs list in the Extras.txt log report.

We have some common leftover files that we will address below. We will run 2 adware scans. Let's see what they show.


First
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    DRV:64bit: - [2014/04/27 16:56:42 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    O3 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKU\S-1-5-21-1953429275-1861937841-2176962007-1000..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
    [1 C:\Users\Tracy\Documents\*.tmp files -> C:\Users\Tracy\Documents\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here for how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

In your next reply post:
  • OTL Fix log. That log should pop up in front of you after the fix runs and computer reboots.
  • The adwCleaner.txt log after running the clean option
  • The JRT.txt Log
  • The new OTL Log after quick scan

Thanks
Joe :)

#6
busymomof4kids

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
Registry value HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1953429275-1861937841-2176962007-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ComcastAntispyClient deleted successfully.
C:\Users\Tracy\Documents\fbutieoqhk.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tracy\Downloads\cmd.bat deleted successfully.
C:\Users\Tracy\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Tracy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7329969 bytes
->Java cache emptied: 6086424 bytes
->FireFox cache emptied: 4629935 bytes
->Google Chrome cache emptied: 375816864 bytes
->Flash cache emptied: 1283 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21258500 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 743411 bytes
RecycleBin emptied: 1007447128 bytes
 
Total Files Cleaned = 1,357.00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10162014_073826
 
Files\Folders moved on Reboot...
C:\Windows\temp\_ir_sf_temp_0\irsetup.exe moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

#7
busymomof4kids

For the adw cleaner. A log file opened and when I went to copy it the box went white and now I can't find it.


#8
busymomof4kids

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Tracy on Thu 10/16/2014 at  8:16:34.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.DynamicBarButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.UrlAlertButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.UrlAlertButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.XMLSessionPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Maps4PC_0c.XMLSessionPlugin.1
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Tracy\appdata\locallow\maps4pc_0cei"
Successfully deleted: [Folder] "C:\Program Files (x86)\maps4pc_0cei"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Tracy\AppData\Roaming\mozilla\firefox\profiles\taimr24r.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/16/2014 at  8:21:41.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9
zep516

Hello,

 

For the adw cleaner. A log file opened and when I went to copy it the box went white and now I can't find it.


Note: the logfile for AdwCleaner is also saved in C:\AdwCleaner\AdwCleaner[R0].txt

There may be a couple of logs in there; post them all. One is a scan log where it just finds files, the other is the clean log where it actually deleted the files it has found.

Thanks
Joe :)

#10
busymomof4kids

This is what it brought up, I'm not sure if it's the correct one or not.  

 

 

# AdwCleaner v3.206 - Report created 04/05/2014 at 19:16:16
# Updated 04/05/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Tracy - HOME-PC
# Running from : C:\Users\Tracy\Desktop\AdwCleaner (4).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Found : C:\Users\Tracy\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\g6a064b4.default\user.js
File Found : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\user.js
File Found : C:\Windows\System32\Tasks\DSite
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found : C:\AI_RecycleBin
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DefaultTab
Folder Found : C:\Program Files (x86)\Delta
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\InfoAtoms
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\registry mechanic
Folder Found : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\Program Files (x86)\Zynga
Folder Found : C:\Program Files\Babylon
Folder Found : C:\ProgramData\Alawar Stargaze
Folder Found : C:\ProgramData\AlawarWrapper
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Public\Documents\AlawarWrapper
Folder Found : C:\Users\Public\Documents\iWin
Folder Found : C:\Users\Tracy\.android
Folder Found : C:\Users\Tracy\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Tracy\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Tracy\AppData\Roaming\FinalMediaPlayer
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Found : C:\Windows\SysWOW64\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DSite
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{828DC97A-2277-4E10-92A9-4907FA0922A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\Software\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\taimr24r.default\prefs.js ]

Line Found : user_pref("extensions.buenosearch.admin", false);
Line Found : user_pref("extensions.buenosearch.aflt", "orgnl");
Line Found : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Found : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Found : user_pref("extensions.buenosearch.dfltLng", "en");
Line Found : user_pref("extensions.buenosearch.excTlbr", false);
Line Found : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Found : user_pref("extensions.buenosearch.id", "02e3f96400000000000000248c7e0144");
Line Found : user_pref("extensions.buenosearch.instlDay", "16188");
Line Found : user_pref("extensions.buenosearch.instlRef", "sst");
Line Found : user_pref("extensions.buenosearch.newTab", false);
Line Found : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Found : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Found : user_pref("extensions.buenosearch.rvrt", "false");
Line Found : user_pref("extensions.buenosearch.smplGrp", "none");
Line Found : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=02E300248C7E0144&affID=66528&tsp=5231");
Line Found : user_pref("extensions.buenosearch.tlbrId", "base");
Line Found : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_def&mntrId=02E300248C7E0144&affID=66528&tsp=5231");
Line Found : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Found : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.720:46:35");
Line Found : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Tracy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YWxdm001YYus&ptb=B2FBC38F-5F80-40DF-82E9-07A8C1F9BF07&ind=2011090719&ptnrS=YWxdm001YYus&si=maps4pc&n=77decf1f&psa=&st=sb&searchfor={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Found [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&amp;o=15527&amp;prt=360&amp;chn=S1122&amp;geo=US&amp;ver=20&amp;locale=en_US&amp;tpr=111
Found [Search Provider] : hxxp://www.searchqu.com/web?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [11979 octets] - [04/05/2014 19:16:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12040 octets] ##########

 

Do you need me to run it over again?


#11
busymomof4kids

I think that one is from when I was having trouble with my computer in April


#12
zep516

Hello,

Option : Scan

Now run the option clean, that will remove the files that the option scan has found.


Edit: you're right, that is an old log. Run it again, scan and clean.

#13
busymomof4kids

# AdwCleaner v4.000 - Report created 16/10/2014 at 12:40:07
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Tracy - HOME-PC
# Running from : C:\Users\Tracy\Downloads\adwcleaner_4.000.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16584
 
 
-\\ Mozilla Firefox v32.0.1 (x86 en-US)
 
 
-\\ Google Chrome v37.0.2062.124
 
 
*************************
 
AdwCleaner[R0].txt - [12185 octets] - [04/05/2014 19:16:16]
AdwCleaner[R1].txt - [5831 octets] - [02/06/2014 07:47:27]
AdwCleaner[R2].txt - [1154 octets] - [02/06/2014 09:45:45]
AdwCleaner[R3].txt - [10461 octets] - [16/10/2014 07:59:29]
AdwCleaner[R4].txt - [1470 octets] - [16/10/2014 12:37:56]
AdwCleaner[S0].txt - [11328 octets] - [04/05/2014 19:20:06]
AdwCleaner[S1].txt - [5709 octets] - [02/06/2014 07:49:33]
AdwCleaner[S2].txt - [1216 octets] - [02/06/2014 09:46:51]
AdwCleaner[S3].txt - [9735 octets] - [16/10/2014 08:02:51]
AdwCleaner[S4].txt - [1310 octets] - [16/10/2014 12:40:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1370 octets] ##########

#14
zep516

That log was clean :)


Hello
There are 2 items I'd like to bring to your attention, located in your installed programs list from the Extras.txt log report.
  • BitTorrent
  • Registry Mechanic 10.0
I suggest removing both those programs above.

---> Registry cleaners can cause more issues than they resolve.

---> BitTorrent is not bad by itself, but it's used to download p2p programs, (person to person) file sharing and that is a malware risk. You're sharing files with other people. You may not know what you're always getting.


Let's run a final scan called ESET. This scan may take a while and it may show files already in quarantine.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Thanks
Joe :)

#15
busymomof4kids

Do I click enable detection of potentially unwanted applications or disable detection of potentially unwanted applications?

