Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer runs slow, search conduit and vgrabber on chrome homepage..al


  • This topic is locked This topic is locked

#1
valgalvez

valgalvez

    Member

  • Member
  • PipPip
  • 32 posts

Hi there!

 

In addition to all the things in the title, today I've been unable to do anything in outlook I get an error msg saying its in use somewhere else, but Ive checked the task bar and it's not. Anyway, here is the OTL log:

 

OTL logfile created on: 11/4/2014 12:06:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DrBressman\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 43.75% Memory free
5.93 Gb Paging File | 3.39 Gb Available in Paging File | 57.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 39.27 Gb Free Space | 8.43% Space Free | Partition Type: NTFS
Drive D: | 139.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: DRBRESSMAN | User Name: drbressman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/04 12:05:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DrBressman\Downloads\OTL.exe
PRC - [2014/10/21 20:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/10/19 22:32:46 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
PRC - [2014/10/08 04:49:36 | 000,042,848 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.6.0.32\coNatHst.exe
PRC - [2014/09/21 02:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.6.0.32\n360.exe
PRC - [2014/09/18 09:53:00 | 000,688,984 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2014/09/18 09:52:44 | 000,450,904 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/09/12 16:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\DrBressman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/06/03 01:30:10 | 000,101,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2014/04/30 19:51:56 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/04/30 19:51:56 | 000,822,880 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
PRC - [2014/04/30 19:51:35 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2014/04/07 02:06:58 | 000,023,552 | ---- | M] () -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/04/06 22:00:42 | 000,039,568 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/12/22 20:46:12 | 000,095,280 | ---- | M] (Prosoftnet) -- C:\Program Files\IDriveWindows\id_service.exe
PRC - [2013/12/18 10:42:34 | 001,513,848 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 14:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/08/01 16:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 18:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/29 21:49:24 | 000,792,608 | ---- | M] (Symantec) -- C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
PRC - [2012/09/29 21:49:22 | 000,104,480 | ---- | M] (Symantec) -- C:\Program Files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
PRC - [2012/04/25 13:32:27 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/31 22:23:04 | 000,297,392 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/08/06 12:51:04 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/06/22 18:34:44 | 000,324,896 | ---- | M] (Corel Corporation) -- c:\Program Files\Corel\WordPerfect Office X4\Programs\wpwin14.exe
PRC - [2002/08/08 05:23:16 | 003,890,688 | ---- | M] (Lotus Development Corporation) -- C:\lotus\organize\org5.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/21 20:05:00 | 014,902,600 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
MOD - [2014/10/21 20:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 20:04:51 | 001,042,760 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/21 20:04:49 | 000,211,272 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/21 20:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/10/16 11:57:35 | 000,043,008 | ---- | M] () -- c:\users\drbres~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_d8xi3.dll
MOD - [2014/10/16 02:44:42 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/16 02:44:38 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/16 02:44:18 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8c9f9e94e93956d68b43e34324790c6d\System.ServiceModel.Web.ni.dll
MOD - [2014/10/16 02:44:00 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/10/16 02:42:55 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014/10/16 02:36:51 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/16 02:36:40 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/16 02:36:33 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/16 02:36:22 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/16 02:36:22 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\adacffe20a13932fd5ede3d0f8069f99\PresentationFramework.classic.ni.dll
MOD - [2014/10/16 02:36:18 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014/10/16 02:36:17 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014/10/16 02:36:09 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/16 02:36:07 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/16 02:35:58 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/16 02:35:58 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/16 02:35:56 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/16 02:35:56 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/16 02:35:55 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/16 02:35:52 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/16 02:35:50 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/12 16:20:58 | 003,610,624 | ---- | M] () -- C:\Users\DrBressman\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/02/27 03:03:32 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/18 10:42:34 | 000,305,520 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/23 11:01:44 | 025,100,288 | ---- | M] () -- C:\Users\DrBressman\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2007/07/25 15:29:46 | 000,431,392 | ---- | M] () -- c:\Program Files\Corel\WordPerfect Office X4\Programs\PsiClient.dll
MOD - [2000/03/26 23:19:02 | 000,229,376 | ---- | M] () -- C:\lotus\compnent\lticnc90.dll
MOD - [1998/08/27 23:42:46 | 000,220,160 | ---- | M] () -- C:\lotus\organize\ormutil.dll
MOD - [1998/08/27 23:42:46 | 000,153,088 | ---- | M] () -- C:\lotus\organize\ormmime.dll
MOD - [1998/08/27 23:42:46 | 000,138,752 | ---- | M] () -- C:\lotus\organize\ormprot.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/09/21 02:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/18 16:50:15 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/09/18 09:52:44 | 000,450,904 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/04/30 19:51:56 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/04/07 02:06:58 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/04/06 22:00:42 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/12/22 20:46:12 | 000,095,280 | ---- | M] (Prosoftnet) [Auto | Running] -- C:\Program Files\IDriveWindows\id_service.exe -- (IDriveService)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/09 09:47:24 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/29 21:50:02 | 001,160,224 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2012/09/29 21:49:46 | 001,147,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2012/09/29 21:49:24 | 000,792,608 | ---- | M] (Symantec) [Auto | Running] -- C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe -- (NU16StartManagerSvc)
SRV - [2012/05/09 02:02:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/04/25 13:32:27 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/31 22:23:04 | 000,297,392 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/08/06 12:51:04 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/07/08 05:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Program Files\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/10/03 11:19:32 | 001,138,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\BASHDefs\20141030.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/09/26 05:56:34 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141103.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/09/26 05:56:34 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\VirusDefs\20141103.034\NAVENG.SYS -- (NAVENG)
DRV - [2014/09/08 23:11:51 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/09/08 23:11:51 | 000,111,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/29 09:18:27 | 000,476,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.1.7\Definitions\IPSDefs\20141103.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/08/25 18:20:22 | 000,664,792 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\1506000.020\srtsp.sys -- (SRTSP)
DRV - [2014/08/25 18:20:22 | 000,032,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1506000.020\srtspx.sys -- (SRTSPX)
DRV - [2014/08/06 11:48:16 | 000,209,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1506000.020\ironx86.sys -- (SymIRON)
DRV - [2014/08/04 16:44:09 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014/03/06 14:54:22 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2014/03/03 20:18:12 | 000,936,152 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1506000.020\symefa.sys -- (SymEFA)
DRV - [2014/02/17 17:32:41 | 000,447,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1506000.020\symnets.sys -- (SymNetS)
DRV - [2014/01/24 10:31:07 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2014/01/22 08:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/09/25 18:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1506000.020\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 18:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1506000.020\symds.sys -- (SymDS)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {64B8889C-70AB-43EF-9976-71A61F613D2C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{64B8889C-70AB-43EF-9976-71A61F613D2C}: "URL" = http://www.google.co...&rlz=1I7RNRN_en
IE - HKCU\..\SearchScopes\{9F3041D4-DAB3-4376-8E11-56A189A1B689}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\DrBressman\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/04/30 19:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\coFFPlgn\ [2014/10/16 03:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.1.7\IPSFF [2014/03/10 23:23:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/30 19:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}: C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ [2014/05/15 20:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/04/30 19:52:52 | 000,000,000 | ---D | M]
 
[2012/05/07 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DrBressman\AppData\Roaming\mozilla\Extensions
[2010/03/09 15:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DrBressman\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/01/28 18:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DrBressman\AppData\Roaming\mozilla\Firefox\Profiles\yatph4m4.default\extensions
[2012/12/24 17:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DrBressman\AppData\Roaming\mozilla\Firefox\Profiles\yatph4m4.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}
[2012/12/24 17:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DrBressman\AppData\Roaming\mozilla\Firefox\Profiles\yatph4m4.default\extensions\[email protected]
[2013/01/24 19:08:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/15 23:45:48 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DrBressman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - default_search_provider: BC6C1697ED5D37001E2ECAFA61E89C5A1F68202A19C0B18AF5464197601F3CAB (Enabled)
CHR - default_search_provider: search_url = B255AF7EC46D1FFDC2C879D2C93BA542F5B6EEDFE53D7698D12F01663616A71F
CHR - default_search_provider: suggest_url = 
CHR - homepage: B10314CDE10F82377C8703D246CE4379ABDDC8B51AF74DD54273147EDDA4265B
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Wondershare Video Converter Ultimate = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp\7.0.0_0\
CHR - Extension: Google Search = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer Downloader = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.9_0\
CHR - Extension: Vgrabber v1 = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\
CHR - Extension: Vgrabber v1 = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\nativeMessaging\nmHost
CHR - Extension: ZenSearch = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lificnbhpecdikcjmcpdinkjbigomafg\1.0_0\
CHR - Extension: Norton Security Toolbar = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.9.12_0\
CHR - Extension: Norton Safe = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl\1.0.9_0\
CHR - Extension: Google Wallet = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Amazon for Chrome = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\4.2014.1022.0_0\
CHR - Extension: Gmail = C:\Users\DrBressman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2010/07/16 10:43:56 | 000,000,856 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 159.140.175.95 icis.sach.org
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Wondershare Video Converter Ultimate) - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IDrive Background process] "C:\Program Files\IDriveWindows\idwbg_600.exe" File not found
O4 - HKLM..\Run: [IDrive Tray] "C:\Program Files\IDriveWindows\idrivetray.exe" min File not found
O4 - HKLM..\Run: [ScrewDrivers RDP Plugin] C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe ()
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe (Symantec)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [IDrive Background process] "C:\Program Files\IDriveWindows\idwbg_600.exe" File not found
O4 - HKCU..\Run: [IDrive Tray] "C:\Program Files\IDriveWindows\idrivetray.exe" min File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\DrBressman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DrBressman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: care360.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: questdiagnostics.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: care360.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: force.com ([labrix.secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: questdiagnostics.com ([]https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BRESSMAN.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A0F2E3C-4ABA-4359-A6C8-F38F15A21ACC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A0F2E3C-4ABA-4359-A6C8-F38F15A21ACC}: NameServer = 192.168.1.2,4.2.2.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/02/28 17:39:35 | 000,000,000 | ---D | M] - C:\AutoFix -- [ NTFS ]
O32 - AutoRun File - [2009/07/22 11:40:30 | 000,003,949 | R--- | M] () - D:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2009/03/23 15:16:12 | 000,000,029 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{28a2d3f6-fc33-11e0-9dbf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28a2d3f6-fc33-11e0-9dbf-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat -- [2009/07/22 11:40:30 | 000,003,949 | R--- | M] ()
O33 - MountPoints2\{4ab833fd-7f69-11e3-82f7-0030672f1685}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab833fd-7f69-11e3-82f7-0030672f1685}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{9ba3c3ea-94a0-11e3-abc4-0030672f1685}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba3c3ea-94a0-11e3-abc4-0030672f1685}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c24d74b4-2e4e-11e2-b56a-0030672f1685}\Shell - "" = AutoRun
O33 - MountPoints2\{c24d74b4-2e4e-11e2-b56a-0030672f1685}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/14 19:48:02 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2010/07/14 19:48:02 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2010/07/14 19:48:02 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/04 11:38:57 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/03 23:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/03 16:00:02 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_drbressman.job
[2014/10/31 13:59:50 | 000,001,970 | ---- | M] () -- C:\Users\DrBressman\Desktop\LOTUS.GCF
[2014/10/31 13:59:49 | 004,023,296 | ---- | M] () -- C:\Users\DrBressman\Desktop\LOTUS.or5
[2014/10/30 09:59:04 | 000,026,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/30 09:59:04 | 000,026,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/29 12:39:20 | 000,012,536 | ---- | M] () -- C:\Users\DrBressman\Documents\ARANDA JULIE 093014.wpd
[2014/10/29 11:22:09 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2014/10/27 15:42:03 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/22 18:51:08 | 000,003,895 | ---- | M] () -- C:\Users\DrBressman\Documents\Murray  102214.wpd
[2014/10/21 20:45:35 | 005,842,413 | ---- | M] () -- C:\Users\Public\Documents\20141019_165151.jpg
[2014/10/16 02:59:54 | 000,416,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/10/16 02:59:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/16 02:59:10 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/22 18:32:01 | 000,003,895 | ---- | C] () -- C:\Users\DrBressman\Documents\Murray  102214.wpd
[2014/10/21 20:45:35 | 005,842,413 | ---- | C] () -- C:\Users\Public\Documents\20141019_165151.jpg
[2014/10/06 15:41:05 | 000,012,536 | ---- | C] () -- C:\Users\DrBressman\Documents\ARANDA JULIE 093014.wpd
[2014/05/15 20:42:28 | 000,721,263 | ---- | C] () -- C:\Windows\System32\WSCM64.dll
[2014/05/15 20:42:28 | 000,214,528 | ---- | C] () -- C:\Windows\System32\WSCM32.dll
[2013/11/04 20:00:54 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/05/20 19:34:44 | 000,037,920 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012/09/13 11:24:12 | 000,002,532 | ---- | C] () -- C:\Users\DrBressman\September 13.wpd
[2012/07/24 21:38:53 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8BD1CCC915.sys
[2012/05/07 19:21:39 | 000,003,584 | ---- | C] () -- C:\Users\DrBressman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/07 19:19:51 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/28 14:42:26 | 000,148,177 | ---- | C] () -- C:\Program Files\Common Files\BookViewer.xap
[2010/07/26 11:05:32 | 000,000,181 | ---- | C] () -- C:\Users\DrBressman\AppData\Roaming\mainhst.zgh
[2010/07/19 14:58:26 | 000,113,224 | ---- | C] () -- C:\Users\DrBressman\g2ax_customer_downloadhelper_win32_x86.exe
[2010/07/14 19:48:02 | 000,402,800 | ---- | C] () -- C:\Program Files\Common Files\facebook.dll
[2010/07/14 19:48:02 | 000,130,416 | ---- | C] () -- C:\Program Files\Common Files\PluginCommon.dll
[2010/04/14 08:30:37 | 000,060,864 | ---- | C] () -- C:\Users\DrBressman\g2mdlhlpx.exe
[2010/03/18 10:54:03 | 000,103,784 | ---- | C] () -- C:\Users\DrBressman\GoToAssistDownloadHelper.exe
[2010/02/04 12:28:35 | 000,001,915 | ---- | C] () -- C:\Users\DrBressman\AppData\Roaming\SAS7_000.DAT
[2010/01/06 21:54:33 | 000,061,678 | ---- | C] () -- C:\Users\DrBressman\AppData\Roaming\PFP110JPR.{PB
[2010/01/06 21:54:33 | 000,012,358 | ---- | C] () -- C:\Users\DrBressman\AppData\Roaming\PFP110JCM.{PB
[2010/01/06 17:13:52 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/05/07 12:16:56 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/21 18:12:26 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\DefaultTab
[2012/05/07 12:17:07 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\DriverCure
[2014/10/16 11:59:47 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Dropbox
[2014/07/08 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\EncryptStick
[2014/09/16 17:18:08 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Garmin
[2012/05/07 12:17:07 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\ICAClient
[2012/05/07 12:17:07 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\JawboneUpdater
[2012/12/14 11:50:29 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Machete
[2012/05/07 12:17:30 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Motorola
[2012/05/07 12:17:31 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Nuance
[2012/12/14 12:06:46 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\OpenCandy
[2013/05/20 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Product_NU16
[2010/08/23 13:14:31 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\TeamViewer
[2012/05/07 12:17:32 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Thunderbird
[2012/05/07 12:17:33 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Tific
[2013/10/10 16:05:01 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Ulead Systems
[2012/05/07 12:17:33 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\WebEx
[2014/01/24 10:28:05 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Wondershare
[2014/05/15 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/05/07 12:17:33 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\ZipGenius
[2014/05/15 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\DrBressman\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 257 bytes -> C:\ProgramData\TEMP:7FFED16F
@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:792D4CF1
 
< End of report >
 
Thank you for your help :)

  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

- Finally Before We Start-

 

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

If you still need assistance, there is an Extras.txt file in your downloads directory from when you ran the OTL tool. Can you post the contents of this file as well?

 

Thank you.


  • 0

#3
valgalvez

valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here you go:
OTL Extras logfile created on: 11/4/2014 12:06:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\DrBressman\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 43.75% Memory free
5.93 Gb Paging File | 3.39 Gb Available in Paging File | 57.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 39.27 Gb Free Space | 8.43% Space Free | Partition Type: NTFS
Drive D: | 139.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: DRBRESSMAN | User Name: drbressman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X6] -- "c:\Program Files\Corel\Corel PaintShop Pro X6\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0652E061-4174-4ED0-B3EF-4DB1FF96D900}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{312ABE8D-0EDD-4500-A52C-139AAD673CAD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{489B5EA1-D8EF-45C4-ACE3-00878E2776F1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{54B650F9-A06E-4F43-8CC8-415AB1D62062}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{5FEA3F4E-4595-4EDD-B8CD-3685629DEF21}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C0CCB3F3-7D37-4C09-95E4-BBD47D6190F2}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{D8AA748C-82DD-42B0-A530-22F01953BFF6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DF1F83-875E-4FC2-9C9E-79E32745E524}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{32057C83-1449-4853-B673-5AA794116D83}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{336D394C-218C-4914-8BB9-10A228F14F4B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{34E4CE2D-0876-456F-8897-9C7E642E4DC9}" = protocol=17 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe | 
"{42B6CD5D-1B1A-4096-A1B7-B8FBB87F5CA1}" = protocol=17 | dir=in | app=c:\users\drbressman\appdata\roaming\dropbox\bin\dropbox.exe | 
"{49A079FD-1857-483B-88DE-90E0C888D62A}" = protocol=6 | dir=in | app=c:\users\drbressman\appdata\roaming\dropbox\bin\dropbox.exe | 
"{49A09B77-B1B4-4251-B79E-37F078E5DC77}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{65155FA4-B6E8-4972-A4AE-BBCCD8BDAC8D}" = protocol=6 | dir=in | app=c:\program files\jawbone\jawboneupdater.exe | 
"{75EC02FE-E970-4E2A-B528-D076E1C38109}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{7A0F4FF1-8277-432D-9FDF-1E9F889CB52F}" = protocol=6 | dir=in | app=c:\program files\real\realplayer\rpds\bin\rpdsvc.exe | 
"{941FCA8E-CC5C-4421-86FF-11BC70F45EDB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{9BBBF8C5-E953-4A86-A083-84115E331E1E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A05A7137-785F-4298-8609-6A2588E0E308}" = dir=in | app=c:\users\drbressman\appdata\local\microsoft\skydrive\skydrive.exe | 
"{A1825278-FBCB-4A7D-9548-7FE88BE49CDE}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{A566FCED-8634-42E1-9E57-819DE8CFE23D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C0618D50-1642-4A3B-ABDA-B374251B7154}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C19B334E-6F10-4F70-8BAF-11FBF1E0D511}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{D56AFFA2-283A-4707-B036-B2743439518C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{DD049F63-F4AE-4A53-8708-E6CE29954287}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{EA64162C-EBBE-475C-B0A2-E62D981F5252}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F78B2611-40D0-4D44-97F3-339B518868F1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{8C42EDAF-0227-43ED-B5CB-99FBD48D1D30}C:\program files\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=c:\program files\wondershare\mobilego for android\mobilegoservice.exe | 
"UDP Query User{59FFB3F0-3E6C-4DA3-A6C7-918B86031A1C}C:\program files\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=c:\program files\wondershare\mobilego for android\mobilegoservice.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}" = Corel PaintShop Pro X6
"_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00A61104-74B5-4056-AD00-4397EF4FB141}" = iCloud
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{11E91AF3-0B2A-4FE5-9D2F-CC3EDF2C0EBE}_is1" = TSPrint Client
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}" = Setup
"{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}" = Corel PaintShop Pro X6
"{162BD2D6-6C63-41A7-8151-93188450D36A}" = PSPPContent
"{16346B2A-87BC-407C-9D6B-72A4D21ABF03}" = PSPPHelp
"{164D34E1-0271-4960-8A26-E8990A302DB1}" = IPM_PSP_COM
"{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}" = ICA
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}" = RealDownloader
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3DA41E54-9526-40C0-8456-66B09379DFCC}" = PaintShop Photo Pro X3 Registration Incentive
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{447c27b7-3a63-4cb2-a49c-864050f9a50f}" = Garmin Express
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{536D6172-7453-7569-7465-392E38300409}" = Lotus SmartSuite - English
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71DBFBF2-F7EB-4268-8485-9471D83C4E66}" = Garmin Communicator Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{785B8A29-F7A5-45AF-ADF8-4087553B80EF}" = Garmin Express Tray
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{86D04316-F49A-4AF2-B3F1-A1E943886CE7}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}" = Apple Mobile Device Support
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B7F171F9-0D09-4B9E-BC7D-50A527E9BB4A}" = WebEx Event Manager for Firefox or Chrome
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C7947D99-CAD8-45B9-ACAC-8E950B6805C1}" = ANT Drivers Installer x86
"{C85A8187-7E95-429D-9C9C-57C10268B3CF}" = DriverUpdate
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529041}" = WordPerfect Office X4 - IPM EN
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
"{DF8685DB-224E-47AA-99B7-7FCD7F12F368}" = ScrewDrivers Client v4 (rdp only)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E71DBD65-F130-4DCC-B228-1F5EC43283B6}" = Garmin Express
"{EA786E1C-F052-46B2-8BF8-48E363D057B2}" = Elevated Installer
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDrive Windows_is1" = IDrive Version - 6.0
"Jawbone Updater" = Jawbone Updater
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Mozilla Thunderbird (3.0.3)" = Mozilla Thunderbird (3.0.3)
"N360" = Norton 360
"Norton Utilities 16_is1" = Norton Utilities 16
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 17.0" = RealPlayer Cloud
"WinLiveSuite" = Windows Live Essentials
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 7.1.2.0)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 6.3.0.1468
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/2/2014 7:00:48 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 11/2/2014 7:00:48 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 11/3/2014 7:01:06 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 11/3/2014 7:01:06 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 11/4/2014 12:01:43 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6691.5000, time
 stamp: 0x52e8c57c  Faulting module name: OUTLOOK.EXE, version: 12.0.6691.5000, time
 stamp: 0x52e8c57c  Exception code: 0xc0000005  Fault offset: 0x00737d90  Faulting process
 id: 0x1ff8  Faulting application start time: 0x01cff7e3f1f8f7ca  Faulting application
 path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  Faulting module path:
 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  Report Id: 49421945-63d7-11e4-937e-0030672f1685
 
Error - 11/4/2014 7:01:18 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 11/4/2014 7:01:18 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 11/4/2014 3:32:05 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6691.5000, time
 stamp: 0x52e8c57c  Faulting module name: OUTLOOK.EXE, version: 12.0.6691.5000, time
 stamp: 0x52e8c57c  Exception code: 0xc0000005  Fault offset: 0x00737d90  Faulting process
 id: 0x1ccc  Faulting application start time: 0x01cff865eb39f7e8  Faulting application
 path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  Faulting module path:
 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  Report Id: 418bd814-6459-11e4-937e-0030672f1685
 
Error - 11/4/2014 3:45:59 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6691.5000, time
 stamp: 0x52e8c57c  Faulting module name: OUTLOOK.EXE, version: 12.0.6691.5000, time
 stamp: 0x52e8c57c  Exception code: 0xc0000005  Fault offset: 0x00737d90  Faulting process
 id: 0x1fd0  Faulting application start time: 0x01cff867f11ea275  Faulting application
 path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  Faulting module path:
 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  Report Id: 32fbecd1-645b-11e4-937e-0030672f1685
 
Error - 11/4/2014 3:46:51 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6691.5000, time
 stamp: 0x52e8c57c  Faulting module name: OUTLOOK.EXE, version: 12.0.6691.5000, time
 stamp: 0x52e8c57c  Exception code: 0xc0000005  Fault offset: 0x00737d90  Faulting process
 id: 0x1f4c  Faulting application start time: 0x01cff86810b6c511  Faulting application
 path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  Faulting module path:
 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE  Report Id: 51a1366f-645b-11e4-937e-0030672f1685
 
[ Media Center Events ]
Error - 1/11/2012 5:36:09 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 
 
Error - 1/11/2012 5:08:14 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 
 
Error - 1/12/2012 5:41:16 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 
 
Error - 1/18/2012 5:41:48 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 
 
Error - 1/18/2012 6:45:30 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 
 
Error - 1/18/2012 7:47:39 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 
 
Error - 1/20/2012 5:35:56 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 
 
Error - 1/20/2012 6:39:22 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 
 
Error - 1/29/2012 5:47:42 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 
 
[ OSession Events ]
Error - 12/1/2011 1:39:20 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 111181
 seconds with 13680 seconds of active time.  This session ended with a crash.
 
Error - 12/28/2011 11:51:55 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14228
 seconds with 2340 seconds of active time.  This session ended with a crash.
 
Error - 6/18/2012 11:06:12 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 1/7/2013 1:39:01 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1589
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 4/22/2013 2:10:16 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 238
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 2/27/2014 2:50:59 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6269
 seconds with 1800 seconds of active time.  This session ended with a crash.
 
Error - 2/28/2014 5:24:14 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 410
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 3/4/2014 1:30:04 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 288341
 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error - 7/2/2014 11:37:18 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 113
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/28/2014 10:43:58 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 167
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10/13/2014 5:20:39 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
 following error:   %%2
 
Error - 10/13/2014 5:20:39 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
 Data: Error Value: 2147549183.
 
Error - 10/16/2014 7:00:02 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
 Data: Error Value: 2147549183.
 
Error - 10/16/2014 7:00:02 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain BRESSMAN due to the following:   %%1311    This may lead to authentication 
problems. Make sure that this  computer is connected to the network. If the problem
 persists,  please contact your domain administrator.        ADDITIONAL INFO    If this computer
 is a domain controller for the specified domain, it  sets up the secure session to
 the primary domain controller emulator in the specified  domain. Otherwise, this 
computer sets up the secure session to any domain controller  in the specified domain.
 
Error - 10/16/2014 7:00:04 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
 following error:   %%2
 
Error - 10/16/2014 7:04:01 AM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80242016: Update for Windows 7 (KB2952664).
 
Error - 10/16/2014 3:58:48 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = DCOM | ID = 10010
Description = 
 
Error - 10/19/2014 3:07:12 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 10/19/2014 3:09:25 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain BRESSMAN due to the following:   %%1311    This may lead to authentication 
problems. Make sure that this  computer is connected to the network. If the problem
 persists,  please contact your domain administrator.        ADDITIONAL INFO    If this computer
 is a domain controller for the specified domain, it  sets up the secure session to
 the primary domain controller emulator in the specified  domain. Otherwise, this 
computer sets up the secure session to any domain controller  in the specified domain.
 
Error - 10/19/2014 3:09:26 PM | Computer Name = DrBressman.BRESSMAN.LOCAL | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
 
< End of report >
 
There wasn't any links to tools to download? Wasn't sure if you were going to send them after I sent you this. :) thanks

  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Since I'm in training, my fixes need to be approved first. I'll post as soon as it's approved. Quick question.

 

Are you aware of the following hosts entry on the machine? If not I'll remove it. Let me know. Thanks.

 

159.140.175.95 icis.sach.org


  • 0

#5
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Step#1 - Warnings

Low on Disk Space
Your C:\ drive is low on space. It only has about 8% free disk space. This can adversely affect the performance of your computer. It's recommended to have at least 15% free disk space so that tools such as the automated defragger can keep your drive optimized. You need to clean up at least 30GB of space for optimal performance.

 

 

Step#2 - Questions

1. Are you aware of the Internet Proxy setting on your machine? (ProxyOverride" = *.local;192.168.*.*)

2. Do you currently use the IDrive for online backups? If so is it working properly?

 

Step#3 - Uninstalls
 Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot.

Java 7 Update 21 (We'll be updating this later)
Microsoft Security Essentials
Microsoft Antimalware

 

 

 

Step#4 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 
 

:Commands
[CreateRestorePoint]

 

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
[2012/12/24 17:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DrBressman\AppData\Roaming\mozilla\Firefox\Profiles\yatph4m4.default\extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}

[2012/12/24 17:48:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DrBressman\AppData\Roaming\mozilla\Firefox\Profiles\yatph4m4.default\extensions\[email protected]
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKCU..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O33 - MountPoints2\{28a2d3f6-fc33-11e0-9dbf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28a2d3f6-fc33-11e0-9dbf-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat -- [2009/07/22 11:40:30 | 000,003,949 | R--- | M] ()
O33 - MountPoints2\{4ab833fd-7f69-11e3-82f7-0030672f1685}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab833fd-7f69-11e3-82f7-0030672f1685}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{9ba3c3ea-94a0-11e3-abc4-0030672f1685}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba3c3ea-94a0-11e3-abc4-0030672f1685}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c24d74b4-2e4e-11e2-b56a-0030672f1685}\Shell - "" = AutoRun
O33 - MountPoints2\{c24d74b4-2e4e-11e2-b56a-0030672f1685}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
@Alternate Data Stream - 257 bytes -> C:\ProgramData\TEMP:7FFED16F
@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:792D4CF1

 

:Commands
[EmptyTemp]

 
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Step#5 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#6 - Remove Chrome Extensions (if not already)
1. Please type or copy/paste chrome:extensions into the address bar of Chrome and hit enter on the keyboard.

 

ChromeExtensions.JPG

2. You will be brought to the Extensions area of Chrome. If you see entries for vgrabber or ZenSearch please click the trash can icon next to these to delete the extension.

DeleteExtension.JPG

 

 

3. Close Chrome when done.

 

 

Step#7 - Set Chrome Default Search Provider and Home Page

1. Click the Chrome menu Settings.JPG on the browser toolbar.
2. Select Settings.
3. In the "Search" section, click Manage search engines.
SearchSection.JPG
 
4. Select which search engine you want to be the default and then click on the Make default button that appears. Note: If your preferred search engine is already in bold text and has the
    word (Default) after it then it is already set as the default and you can go to the next step without selecting anything.
SearchEngines.JPG
 
5. Hover the mouse over any other suspicious search engine entries (i.e. conduit) that are not familiar and click X to remove them as show below.
RemoveBadSearchEngines.JPG
 
6. Click the Done button when you are finished.

7. Click the Chrome menu Settings.JPG on the browser toolbar.
8. Select Settings.
9. Under the Appearance section, check the "Show Home button" option and click the Change button as shown below.
Appearance.JPG
 
10. Then select the "Open this page" radio button and type in your preferred home page. This is the page that your browser will go to when you first open it up. Click OK when done.
HomePage.JPG
 
11. Scroll down to the Privacy section and click the Clear browsing data... button.
Privacy.JPG
 
12. Select "the beginning of time" from the drop-down box and ensure that the four options are checked shown below.
Cache.JPG
 
13. Click the Clear browsing data button.

 

 

Step#8 - Fresh Set of Logs Needed
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 32-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Note: Ensure that the Addition.txt check box is checked at the bottom of the form within the Optional Scan area.
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

  

 

Items for your next post

1. Answers to my questions (including the one about 159.140.175.95 icis.sach.org from my previous post)

2. OTL Fix Log

3. AdwCleaner Log

4. FRST and Addition logs

5. How's your machine doing?

 


  • 0

#6
valgalvez

valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

You can remove the icis.sach.org host, I am aware of it but no longer have need for it, and the internet proxy I am not aware of..could it be related to an outside server I connect to?

 

I am currently starting on the other instructions and will post logs shortly.

 

Thanks


  • 0

#7
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

could it be related to an outside server I connect to?

 

Since it's a private IP address that is showing I don't believe so. We'll remove that as well in the next cleanup.


  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Checking in to see if you will be posting the logs?


  • 0

#9
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP